Untrusted Search Path
CVE-2022-38060
Summary
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-426 - Untrusted Search Path
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
References
Advisory Timeline
- Published