admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2024/33xxx/CVE-2024-33522.json
CVE Team eba7bfb71b
"-Synchronized-Data."
2024-04-29 23:00:34 +00:00

179 lines
7.2 KiB
JSON
Raw Blame History

{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-33522",
"ASSIGNER": "psirt@tigera.io",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges.\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management",
"cweId": "CWE-269"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Tigera",
"product": {
"product_data": [
{
"product_name": "Calico",
"version": {
"version_data": [
{
"version_value": "not down converted",
"x_cve_json_5_version_data": {
"versions": [
{
"lessThan": "v3.26.5",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "v3.27.3",
"status": "affected",
"version": "v3.27.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v3.28.0"
}
],
"defaultStatus": "unaffected"
}
}
]
}
},
{
"product_name": "Calico Enterprise ",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v3.17.4"
},
{
"version_affected": "<",
"version_name": "v3.18.0",
"version_value": "v3.18.2"
},
{
"version_affected": "<",
"version_name": "v3.19.0-1.0",
"version_value": "v3.19.0-2.0"
}
]
}
},
{
"product_name": "Calico Cloud",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "0",
"version_value": "v19.3.0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://github.com/projectcalico/calico/issues/7981",
"refsource": "MISC",
"name": "https://github.com/projectcalico/calico/issues/7981"
},
{
"url": "https://github.com/projectcalico/calico/pull/8447",
"refsource": "MISC",
"name": "https://github.com/projectcalico/calico/pull/8447"
},
{
"url": "https://github.com/projectcalico/calico/pull/8517",
"refsource": "MISC",
"name": "https://github.com/projectcalico/calico/pull/8517"
},
{
"url": "https://www.tigera.io/security-bulletins-tta-2024-001/",
"refsource": "MISC",
"name": "https://www.tigera.io/security-bulletins-tta-2024-001/"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"credits": [
{
"lang": "en",
"value": "Christopher Alonso (Github: @latortuga71)"
},
{
"lang": "en",
"value": "Anthony Tam"
},
{
"lang": "en",
"value": "Behnam Shobiri"
},
{
"lang": "en",
"value": "Pedro Coutinho"
},
{
"lang": "en",
"value": "Matt Dupre"
}
],
"impact": {
"cvss": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink