CVE-2019-15789

Description

Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container. Fixed in MicroK8s 1.15.3.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Affected products

Canonical / MicroK8s1.15 – 1.15.3

References

PATCHhttps://github.com/ubuntu/microk8s/pull/590
MISChttps://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-15789.html
VENDOR_ADVISORYhttps://pulsesecurity.co.nz/advisories/microk8s-privilege-escalation
MISChttps://discuss.kubernetes.io/t/explicit-use-of-sudo-in-microk8s-cli/7605