CVE-2019-19353 β€” Incorrect Privilege Assignment in Hive

CWE-266 β€” Incorrect Privilege Assignment5 documents5 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 89.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Operator-framework HiveRedhat Openshift Container Platform
Timeline
PublishedMar 24
Latest updateMay 24

Description

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

β–ΆCVEListV5operator-framework/hiveas shipped in Red Hat Openshift 4

Also affects: Openshift Container Platform 4.0

πŸ”΄Vulnerability Details

2
GHSA
GHSA-c2xr-whwm-74cv: An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4β†—2022-05-24
β–Ά
CVEList
CVE-2019-19353: An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4β†—2021-03-24
β–Ά

πŸ“‹Vendor Advisories

1
Red Hat
operator-framework/hive: /etc/passwd is given incorrect privileges↗2020-01-21
β–Ά

πŸ’¬Community

1
Bugzilla
CVE-2019-19353 operator-framework/hive: /etc/passwd is given incorrect privileges↗2020-01-21
β–Ά
CVE-2019-19353 β€” Incorrect Privilege Assignment in Hive | cvebase