An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and previous versions. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kubernetes cri-o |
||
redhat openshift container platform 4.0 |