CVE-2020-1708

HIGH Year: 2020
CVSS v3 Score
7.0
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-266
View all →

Vulnerability Description

It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb.

Related Vulnerabilities

CVE-2019-19346

HIGH
CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An atta...

CWE-2662019

CVE-2019-19348

HIGH
CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker...

CWE-2662019

CVE-2019-19351

HIGH
CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and esca...

CWE-2662019

CVE-2019-19352

HIGH
CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this fla...

CWE-2662019

CVE-2019-19353

HIGH
CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw ...

CWE-2662019

CVE-2019-19355

HIGH
CVSS:7.0(High)

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd a...

CWE-2662019