CVE-2020-1742

CWE-266CWE-732Incorrect Permission AssignmentCWE-269Improper Privilege Management5 documents5 sources
Severity
7.0HIGH
EPSS
0.0%
top 87.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Nmstate Kubernetes-nmstateNmstate Kubernetes-nmstate-handlerRedhat Openshift Virtualization
Timeline
PublishedJun 7
Latest updateMay 24

Description

An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages3 packages

CVEListV5nmstate/kubernetes-nmstate-handlerkubernetes-nmstate-handler-container-v2.3.0-30

🔴Vulnerability Details

2
GHSA
Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management2022-05-24
CVEList
CVE-2020-1742: An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler2021-06-07

📋Vendor Advisories

1
Red Hat
nmstate/kubernetes-nmstate-handler: /etc/passwd is given incorrect privileges2020-01-21

💬Community

1
Bugzilla
CVE-2020-1742 nmstate/kubernetes-nmstate-handler: /etc/passwd is given incorrect privileges2020-02-17