CVE-2020-10728

HIGH Year: 2020
CVSS v3 Score
7.8
High
Weakness Type
CWE-266
View all →

Vulnerability Description

A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This container grants all users sudoer permissions allowing an unauthorized user with access to the running container the ability to escalate their own privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Related Vulnerabilities

CVE-2016-7066

HIGH
CVSS:7.8(High)

It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute...

CWE-2662016

CVE-2017-12711

HIGH
CVSS:7.8(High)

An Incorrect Privilege Assignment issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. A built-in user account has been granted a sensitive privilege that may allow a user to e...

CWE-2662017

CVE-2019-19345

HIGH
CVSS:7.8(High)

A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediaw...

CWE-2662019

CVE-2019-19349

HIGH
CVSS:7.8(High)

An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the contain...

CWE-2662019

CVE-2019-19350

HIGH
CVSS:7.8(High)

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container co...

CWE-2662019

CVE-2019-19354

HIGH
CVSS:7.8(High)

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this fla...

CWE-2662019