Untrusted Search Path
CVE-2022-38060
Summary
The "sudo" functionality of OpenStack Kolla contains a Privilege Escalation vulnerability. Misconfiguration in a container's "/etc/sudoers" file can lead to elevated privileges. This issue affects versions prior to 12.6.0, 13.0.x prior to 13.5.0, 14.0.x prior to 14.5.0.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- LOW
- HIGH
- HIGH
CWE-426 - Untrusted Search Path
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.
References
Advisory Timeline
- Published
