CVE-2020-1706

Published: 09/03/2020 Updated: 12/02/2023
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 392
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to and including 4.3, multiple containers modify the permissions of /etc/passwd to make it modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container.
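
The condition described above can be audited from inside a running container. The script below is an added example, not code from the advisory or from Red Hat: `audit_passwd` is a hypothetical helper name, the sample passwd file is constructed, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: audit a passwd file for the weakness in CVE-2020-1706.
# Return value is a bitmask: 1 = writable by group/other,
# 2 = extra UID 0 accounts present, 4 = file could not be read.
audit_passwd() {
    file=${1:-/etc/passwd}
    rc=0
    mode=$(stat -c '%a' "$file") || return 4   # GNU stat assumed
    # Octal 022 masks the group-write and other-write permission bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WEAK MODE: $file is mode $mode (writable by group or other)"
        rc=$((rc | 1))
    fi
    # A UID 0 account other than root is what an added privileged user
    # would look like, so list any for investigation.
    extra=$(awk -F: '!/^#/ && $3 ~ /^0+$/ && $1 != "root" { print $1 }' "$file")
    if [ -n "$extra" ]; then
        echo "EXTRA UID 0 ACCOUNTS in $file:" $extra
        rc=$((rc | 2))
    fi
    return "$rc"
}

# Constructed sample: weak mode plus one added UID 0 entry.
sample=$(mktemp)
printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
              'apb:x:1001:0:apb:/opt/apb:/bin/bash' \
              'extra:x:0:0::/:/bin/sh' > "$sample"
chmod 664 "$sample"
audit_passwd "$sample" || echo "findings bitmask: $?"
rm -f "$sample"
```

Run without an argument inside the container, `audit_passwd` checks /etc/passwd itself; a return value of 0 means neither condition was found.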

Vulnerable Product

redhat openshift container platform 3.11

redhat openshift container platform 4.1

redhat openshift container platform 4.2

redhat openshift container platform 4.3

Vendor Advisories

Synopsis: Moderate: OpenShift Container Platform 4234 openshift-enterprise-apb-tools-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift-enterprise-apb-tools-container is now available for Red Hat OpenShift Container Platform 42. Red Hat Product Security has ra ...
Synopsis: Moderate: OpenShift Container Platform 4325 openshift-enterprise-apb-tools-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift-enterprise-apb-tools-container is now available for Red Hat OpenShift Container Platform 43. Red Hat Product Security h ...