
CVSS: 7.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Mar 2020 — A vulnerability was found in all openshift/postgresql-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/postgresql-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 7.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

04 Mar 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following: 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348 • CWE-266: Incorrect Privilege Assignment • CWE-269: Improper Privilege Management

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

04 Mar 2020 — A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345 • CWE-266: Incorrect Privilege Assignment • CWE-269: Improper Privilege Management

CVSS: 7.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

04 Mar 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following: 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346 • CWE-266: Incorrect Privilege Assignment • CWE-269: Improper Privilege Management

CVSS: 7.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 Feb 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in OpenShift 4 and 3.11. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351 • CWE-266: Incorrect Privilege Assignment • CWE-269: Improper Privilege Management

CVSS: 4.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

12 Feb 2020 — During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned world-readable permissions. ose-installer as shipped in OpenShift 4.2 is vulnerable. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335 • CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 5.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Oct 2019 — A vulnerability was found in OpenShift builds, versions 4.1 up to 4.3. Builds that extract source from a container image bypass the TLS hostname verification. An attacker can take advantage of this flaw by launching a man-in-the-middle attack and injecting malicious content. • https://access.redhat.com/errata/RHSA-2019:4101 • CWE-494: Download of Code Without Integrity Check

CVSS: 5.4 • EPSS: 0% • CPEs: 7 • EXPL: 0

01 Aug 2019 — A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884 • CWE-287: Improper Authentication • CWE-290: Authentication Bypass by Spoofing