{
  "threat_severity" : "Important",
  "public_date" : "2022-09-06T00:00:00Z",
  "bugzilla" : {
    "description" : "openstack/kolla: sudo privilege escalation vulnerability",
    "id" : "2124758",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2124758"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-269",
  "details" : [ "A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.", "A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla. A misconfiguration in /etc/sudoers within a container can lead to increased privileges." ],
  "statement" : "To exploit this vulnerability, an attacker would need specialized access that allows them to modify how the container is run. The attacker would need to either modify the container's definition (such as by configuring environment variables or selecting the container image) or modify files in the container's file system. Both of these actions are typically restricted by user and group permissions. Hence, the impact for OpenStack is reduced from Important to moderate.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenStack Platform 17.1 for RHEL 8",
    "release_date" : "2024-01-16T00:00:00Z",
    "advisory" : "RHSA-2024:0191",
    "cpe" : "cpe:/a:redhat:openstack:17.1::el8",
    "package" : "openstack-tripleo-common-0:15.4.1-17.1.20230927003755.el8ost",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat OpenStack Platform 17.1 for RHEL 9",
    "release_date" : "2024-01-16T00:00:00Z",
    "advisory" : "RHSA-2024:0216",
    "cpe" : "cpe:/a:redhat:openstack:17.1::el9",
    "package" : "openstack-tripleo-common-0:15.4.1-17.1.20230927010819.el9ost",
    "impact" : "moderate"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "fix_state" : "Will not fix",
    "package_name" : "openstack-tripleo-common",
    "cpe" : "cpe:/a:redhat:openstack:16.1",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "fix_state" : "Will not fix",
    "package_name" : "openstack-tripleo-common",
    "cpe" : "cpe:/a:redhat:openstack:16.2",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat OpenStack Platform 17.0",
    "fix_state" : "Out of support scope",
    "package_name" : "openstack-tripleo-common",
    "cpe" : "cpe:/a:redhat:openstack:17.0",
    "impact" : "moderate"
  }, {
    "product_name" : "Red Hat OpenStack Platform 18.0",
    "fix_state" : "Affected",
    "package_name" : "python-tcib",
    "cpe" : "cpe:/a:redhat:openstack:18.0",
    "impact" : "moderate"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-38060\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38060\nhttps://bugs.launchpad.net/bugs/1985784" ],
  "name" : "CVE-2022-38060",
  "mitigation" : {
    "value" : "/etc/sudoers within the container should use the `secure_path` option to prevent the PATH environment variable from being modified. However, this does not prevent other potentially dangerous environment variables from being changed. Ideally, the `setenv` option would be removed from /etc/sudoers altogether, and `env_keep` would be used to allow only those environment variables that are known to be safe and do not introduce security holes.\nTo prevent a container compromise from escalating to a host compromise, avoid using privileged containers; instead, add individual capabilities only as needed.",
    "lang" : "en:us"
  },
  "csaw" : false
}