CVE-2019-19352 β€” Incorrect Privilege Assignment in Presto

CWE-266 β€” Incorrect Privilege Assignment5 documents5 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 89.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Operator-framework PrestoRedhat Openshift Container Platform
Timeline
PublishedMar 24
Latest updateMay 24

Description

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

β–ΆCVEListV5operator-framework/prestoas shipped in Red Hat Openshift 4

Also affects: Openshift Container Platform 4.0

πŸ”΄Vulnerability Details

2
GHSA
GHSA-2wg8-fhxh-9xhr: An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4β†—2022-05-24
β–Ά
CVEList
CVE-2019-19352: An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4β†—2021-03-24
β–Ά

πŸ“‹Vendor Advisories

1
Red Hat
operator-framework/presto: /etc/passwd is given incorrect privileges↗2020-01-21
β–Ά

πŸ’¬Community

1
Bugzilla
CVE-2019-19352 operator-framework/presto: /etc/passwd is given incorrect privileges↗2020-01-21
β–Ά
CVE-2019-19352 β€” Incorrect Privilege Assignment | cvebase