CVSS: 7.0EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19351 – openshift/jenkins: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2019-19351
25 Feb 2020 — An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11. Se detectó una vulnerabilidad de modificación no segura en el archivo /etc/passwd en el contenedor openshift/jenkins. Un atacante con acceso al contenedor podría usar este fallo p... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1704 – openshift-service-mesh/kiali-rhel7-operator: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2020-1704
17 Feb 2020 — An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en OpenShift ServiceMesh (maistra) todas las versiones anteriores a 1.0.8 en el openshift/istio-kialia-rhel7-operator-cont... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1704 • CWE-266: Incorrect Privilege Assignment CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 1CVE-2020-8945 – proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
https://notcve.org/view.php?id=CVE-2020-8945
12 Feb 2020 — The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. El contenedor Proglottis Go versiones anteriores a 0.1.1 para la biblioteca GPGME, presenta un uso de la memoria previamente liberada, como es demostrado por el uso para las extracciones de imágenes de contenedores para Docker o CRI-O. Esto conlleva a un bloqueo o posible ej... • https://access.redhat.com/errata/RHSA-2020:0679 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-0234
https://notcve.org/view.php?id=CVE-2014-0234
12 Feb 2020 — The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. La configuración predeterminada de broker.conf en Red Hat OpenShift Enterprise versiones 2.x anteriores a 2.1, presenta una contraseña de "mooo" para una cuenta Mongo, lo ... • http://openwall.com/lists/oss-security/2014/06/05/19 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8595 – istio: unauthorised access to JWT protected HTTP path
https://notcve.org/view.php?id=CVE-2020-8595
12 Feb 2020 — Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authentication bypass. The Authentication Policy exact-path matching logic can allow unauthorized access to HTTP paths even if they are configured to be only accessed after presenting a valid JWT token. For example, an attacker can add a ? or # character to a URI that would otherwise satisfy an exact-path match. Las versiones Istio 1.2.10 (End of Life) y anteriores, 1.3 a 1.3.7, y 1.4 a 1.4.3 permiten la omisión d... • https://access.redhat.com/errata/RHSA-2020:0477 • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2019-19335 – openshift/installer: kubeconfig and kubeadmin-password are created with word-readable permissions
https://notcve.org/view.php?id=CVE-2019-19335
12 Feb 2020 — During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable. Durante la instalación de un clúster de OpenShift versión 4, la herramienta de línea de comando "openshift-install" crea un directorio "auth", con los... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.0EPSS: 0%CPEs: 17EXPL: 0CVE-2019-19921 – runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation
https://notcve.org/view.php?id=CVE-2019-19921
12 Feb 2020 — runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.) runc versiones hasta 1.0.0-rc9, posee un Control de Acceso Incorrecto conllevando a una escalada de privilegios, relacionado con el... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html • CWE-41: Improper Resolution of Path Equivalence CWE-706: Use of Incorrectly-Resolved Name or Reference •
CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-1726 – podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created
https://notcve.org/view.php?id=CVE-2020-1726
11 Feb 2020 — A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume.This issue was introduced in version 1.6.0. Se detectó un fallo en Podman donde permite incorrectamente que los contenedores cuando se crean s... • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00097.html • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1708 – openshift/mysql-apb: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2020-1708
07 Feb 2020 — It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb. Se ha encontrado en openshift-enterprise versión 3.11 y en todas las versiones de openshift-ente... • https://access.redhat.com/errata/RHSA-2020:0617 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2020-1700 – Ubuntu Security Notice USN-4304-1
https://notcve.org/view.php?id=CVE-2020-1700
07 Feb 2020 — A flaw was found in the way the Ceph RGW Beast front-end handles unexpected disconnects. An authenticated attacker can abuse this flaw by making multiple disconnect attempts resulting in a permanent leak of a socket connection by radosgw. This flaw could lead to a denial of service condition by pile up of CLOSE_WAIT sockets, eventually leading to the exhaustion of available resources, preventing legitimate users from connecting to the system. Se encontró un fallo en la manera en que el front-end Ceph RGW Be... • http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00009.html • CWE-400: Uncontrolled Resource Consumption •