CVE-2020-1706

Published: Mar 9, 2020Modified: Nov 21, 2024

7.0

Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.0 / Impact: 5.9

Source: NVD

Description

It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container.

Affected (4)

Products: Redhat: Openshift Container Platform

Redhat

1 product

Openshift Container Platform

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 3.11
Redhat Openshift Container Platform	Version 4.1
Redhat Openshift Container Platform	Version 4.2
Redhat Openshift Container Platform	Version 4.3

Related CWEs

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1706

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1706

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

Timeline

No history available yet.