ID |
CVE-2020-1706
|
Sažetak |
It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container. |
Reference |
|
CVSS |
Base: | 4.4 |
Impact: | 6.4 |
Exploitability: | 3.4 |
|
Pristup |
Vektor | Složenost | Autentikacija |
LOCAL |
MEDIUM |
NONE |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
PARTIAL |
PARTIAL |
PARTIAL |
|
CVSS vektor |
AV:L/AC:M/Au:N/C:P/I:P/A:P |
Zadnje važnije ažuriranje |
12-02-2023 - 23:40 |
Objavljeno |
09-03-2020 - 16:15 |