Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Privilege escalation in Calico CNI install binary
Vulnerability Description
In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
特权管理不恰当
Vulnerability Title
Calico 安全漏洞
Vulnerability Description
Tigera Calico是美国Tigera公司的一套针对容器、虚拟机和主机工作负载的开源网络安全解决方案。 Calico、Calico Enterprise、Calico Cloud存在安全漏洞。攻击者利用该漏洞通过提升的权限执行任意二进制文件。以下产品及版本受到影响:Calico v3.27.2版本及之前版本、Calico Enterprise v3.19.0-1版本、v3.18.1版本、v3.17.3版本及之前版本、Calico Cloud v19.2.0版本及之前版本。
CVSS Information
N/A
Vulnerability Type
N/A