CVE-2020-1707Incorrect Permission Assignment in Redhat Openshift

CWE-732Incorrect Permission Assignment5 documents5 sources
Severity
7.0HIGHNVD
EPSS
0.0%
top 87.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Openshift
Timeline
PublishedMar 20
Latest updateMay 24

Description

A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages1 packages

NVDredhat/openshift4.04.3

🔴Vulnerability Details

2
GHSA
GHSA-4mj7-c2gw-2c45: A vulnerability was found in all openshift/postgresql-apb 42022-05-24
CVEList
CVE-2020-1707: A vulnerability was found in all openshift/postgresql-apb 42020-03-20

📋Vendor Advisories

1
Red Hat
openshift/postgresql-apb: /etc/passwd is given incorrect privileges2020-01-21

💬Community

1
Bugzilla
CVE-2020-1707 openshift/postgresql-apb: /etc/passwd is given incorrect privileges2020-01-21