Google Guest-Oslogin vulnerabilities
3 known vulnerabilities affecting google/guest-oslogin.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2020-8933CRITICALCVSS 9.3≥ 20190304.00, ≤ 20200507.002020-06-22
CVE-2020-8933 [CRITICAL] CWE-276 CVE-2020-8933: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allo
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using the membership to the "lxd" group, an attacker can attach host devices and filesystems. Within an lxc container, it is possible to attach the host OS
nvd
CVE-2020-8907CRITICALCVSS 9.3≥ 20190304.00, ≤ 20200507.002020-06-22
CVE-2020-8907 [CRITICAL] CWE-276 CVE-2020-8907: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allo
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "docker" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modi
nvd
CVE-2020-8903HIGHCVSS 7.3≥ 20190304.00, ≤ 20200507.002020-06-22
CVE-2020-8903 [HIGH] CWE-276 CVE-2020-8903: A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allo
A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Using the DHCP XID, it is then possible
nvd