CVE-2019-19354

Published: Mar 24, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Affected (1)

Products: Redhat: Openshift Container Platform

1 product

Openshift Container Platform

Configuration A

1 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	From 4.4 to 4.4.3

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Related CWEs

Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (6)

https://access.redhat.com/articles/4859371

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1791534

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1793278

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://access.redhat.com/articles/4859371

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1791534

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1793278

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.