CVE-2019-19345

Published: Mar 20, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Affected (2)

Products: Redhat: Openshift

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift	From 4.0 to 4.3
Redhat Openshift	Version 3.11

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.