Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.
CVSS Information
N/A
Vulnerability Type
授权机制不恰当
Vulnerability Title
OpenStack 安全漏洞
Vulnerability Description
OpenStack是美国国家航空航天局(National Aeronautics and Space Administration)和美国Rackspace公司合作研发的一个云平台管理项目。 OpenStack openstack-selinux 存在安全漏洞,该漏洞源于不会阻止容器中的非root用户特权升级。 一个或多个Red Hat OpenStack(RHOSP)容器中的非root用户攻击者可以将消息发送到dbus。 通过访问dbus攻击者可以启动或停止服务,从而可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A