VDB
CVE-2021-20182
CVE-2021-20182
PUBLISHED
CVSS 8.800000190734863 HIGH
A privilege escalation flaw was found in openshift4/ose-docker-builder. The build container runs with high privileges using a chrooted environment instead of runc. If an attacker can gain access to this build container, they can potentially utilize the raw devices of the underlying node, such as the network and storage devices, to at least escalate their privileges to that of the cluster admin. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
EPSS 0.53% · 67.6th percentile
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.53%
67.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | openshift_container_platform | 4.4, 4.5, 4.6 |
| n/a | openshift | github.com/openshift/builder v0.0.0-20210118193943-6d10f5202a76 |
Exploit Intelligence
Timeline
- Feb 23, 2021 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score