CVE-2019-19351Incorrect Privilege Assignment in RED HAT Openshift

CWE-266Incorrect Privilege AssignmentCWE-269Improper Privilege Management6 documents6 sources
Severity
7.0HIGHNVD
EPSS
0.1%
top 70.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RED HAT OpenshiftRedhat Openshift
Timeline
PublishedMar 18
Latest updateAug 30

Description

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

NVDredhat/openshift3.11, 4.0+1
CVEListV5red_hat/openshiftOpenshift 4 and 3.11

🔴Vulnerability Details

3
OSV
jupyter-notebook vulnerabilities2022-08-30
GHSA
GHSA-q7r9-33vw-6rfr: An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins2022-05-24
CVEList
CVE-2019-19351: An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins2020-03-18

📋Vendor Advisories

1
Red Hat
openshift/jenkins: /etc/passwd is given incorrect privileges2020-01-21

💬Community

1
Bugzilla
CVE-2019-19351 openshift/jenkins: /etc/passwd is given incorrect privileges2020-01-21
CVE-2019-19351 — Incorrect Privilege Assignment in RED | cvebase