Description
A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1829674
Scores
CVSS v3
7.8
EPSS
0.0021
EPSS Percentile
10.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-266
CWE-269
Status
published
Products (1)
automationbroker/apb
< 2.0.4-1
Published
Aug 16, 2022
Tracked Since
Feb 18, 2026