CVE-2019-19350Incorrect Privilege Assignment in Ansible-service-broker

CWE-266Incorrect Privilege Assignment5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 89.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Openshift Ansible-service-brokerRedhat Openshift
Timeline
PublishedMar 24
Latest updateMay 24

Description

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5openshift/ansible-service-brokeras shipped in Red Hat Openshift 4 and 3.11
NVDredhat/openshift3.11, 4.0+1

🔴Vulnerability Details

2
GHSA
GHSA-gjp6-48wm-m8cr: An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and2022-05-24
CVEList
CVE-2019-19350: An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and2021-03-24

📋Vendor Advisories

1
Red Hat
openshift/ansible-service-broker: /etc/passwd is given incorrect privileges2020-01-21

💬Community

1
Bugzilla
CVE-2019-19350 openshift/ansible-service-broker: /etc/passwd is given incorrect privileges2020-01-21
CVE-2019-19350 — Incorrect Privilege Assignment | cvebase