CVE-2019-19348

Published: Apr 2, 2020Modified: Nov 21, 2024

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Affected (4)

Products: Redhat: Openshift

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift	Before 3.11.188-4
Redhat Openshift	From 4.0.0 to 4.1.37
Redhat Openshift	From 4.2.0 to 4.2.21
Redhat Openshift	From 4.3.0 to 4.3.5

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.