Vulnerability Details CVE-2019-15789
Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 13.5%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 7.2
References
- https://discuss.kubernetes.io/t/explicit-use-of-sudo-in-microk8s-cli/7605
- https://github.com/ubuntu/microk8s/pull/590
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15789.html
- https://pulsesecurity.co.nz/advisories/microk8s-privilege-escalation
- https://discuss.kubernetes.io/t/explicit-use-of-sudo-in-microk8s-cli/7605
- https://github.com/ubuntu/microk8s/pull/590
- https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15789.html
- https://pulsesecurity.co.nz/advisories/microk8s-privilege-escalation
Products affected by CVE-2019-15789
-
cpe:2.3:a:canonical:microk8s:1.11
-
cpe:2.3:a:canonical:microk8s:1.12
-
cpe:2.3:a:canonical:microk8s:1.13
-
cpe:2.3:a:canonical:microk8s:1.14
-
cpe:2.3:a:canonical:microk8s:1.15