CVE-2020-10696 – buildah: Crafted input tar file may lead to local file overwrite during image build process
https://notcve.org/view.php?id=CVE-2020-10696
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. Se detectó un fallo de salto de ruta en Buildah en versiones anteriores a 1.14.5. Este fallo permite a un atacante engañar a un usuario para construir una imagen de contenedor maliciosa alojada en un servidor HTTP(s) y luego escribir archivos en el sistema del usuario en cualquier lugar donde el usuario tenga permisos. A path traversal flaw was found in Buildah. • https://access.redhat.com/security/cve/cve-2020-10696 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696 https://github.com/containers/buildah/pull/2245 https://access.redhat.com/security/cve/CVE-2020-10696 https://bugzilla.redhat.com/show_bug.cgi?id=1817651 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2020-1706 – openshift/apb-tools: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2020-1706
It has been found that in openshift-enterprise version 3.11 and openshift-enterprise versions 4.1 up to, including 4.3, multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/apb-tools-container. Se ha encontrado que en openshift-enterprise versión 3.11 y openshift-enterprise versiones 4.1 hasta 4.3 incluyéndola, múltiples contenedores modifican los permisos de /etc/passwd para que sean entonces modificables por otros usuarios diferentes de root. Un atacante con acceso al contenedor en ejecución puede explotar esto para modificar /etc/passwd para agregar un usuario y escalar sus privilegios. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1706 https://access.redhat.com/security/cve/CVE-2020-1706 https://bugzilla.redhat.com/show_bug.cgi?id=1793302 https://access.redhat.com/articles/4859371 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-8945 – proglottis/gpgme: Use-after-free in GPGME bindings during container image pull
https://notcve.org/view.php?id=CVE-2020-8945
The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated by use for container image pulls by Docker or CRI-O. This leads to a crash or potential code execution during GPG signature verification. El contenedor Proglottis Go versiones anteriores a 0.1.1 para la biblioteca GPGME, presenta un uso de la memoria previamente liberada, como es demostrado por el uso para las extracciones de imágenes de contenedores para Docker o CRI-O. Esto conlleva a un bloqueo o posible ejecución de código durante una comprobación de la firma GPG. A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. • https://access.redhat.com/errata/RHSA-2020:0679 https://access.redhat.com/errata/RHSA-2020:0689 https://access.redhat.com/errata/RHSA-2020:0697 https://bugzilla.redhat.com/show_bug.cgi?id=1795838 https://github.com/containers/image/commit/4c7a23f82ef09127b0ff28366d1cf31316dd6cc1 https://github.com/proglottis/gpgme/compare/v0.1.0...v0.1.1 https://github.com/proglottis/gpgme/pull/23 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIF • CWE-416: Use After Free •
CVE-2020-1708 – openshift/mysql-apb: /etc/passwd is given incorrect privileges
https://notcve.org/view.php?id=CVE-2020-1708
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb. Se ha encontrado en openshift-enterprise versión 3.11 y en todas las versiones de openshift-enterprise desde 4.1 hasta, 4.3 incluyéndola, que varios contenedores modifican los permisos de /etc/passwd para que otros usuarios diferentes de root puedan modificarlos. Un atacante con acceso al contenedor en ejecución puede explotar esto para modificar /etc/passwd para agregar un usuario y escalar sus privilegios. • https://access.redhat.com/errata/RHSA-2020:0617 https://access.redhat.com/errata/RHSA-2020:0681 https://access.redhat.com/errata/RHSA-2020:0694 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1708 https://access.redhat.com/security/cve/CVE-2020-1708 https://bugzilla.redhat.com/show_bug.cgi?id=1793299 https://access.redhat.com/articles/4859371 • CWE-266: Incorrect Privilege Assignment CWE-269: Improper Privilege Management •
CVE-2019-13734 – sqlite: fts3: improve shadow table corruption detection
https://notcve.org/view.php?id=CVE-2019-13734
Out of bounds write in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Una escritura fuera de limites en SQLite en Google Chrome versiones anteriores a la versión 79.0.3945.79, permitió a un atacante remoto explotar potencialmente una corrupción de la pila por medio de una página HTML especialmente diseñada. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00032.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00036.html https://access.redhat.com/errata/RHSA-2019:4238 https://access.redhat.com/errata/RHSA-2020:0227 https://access.redhat.com/errata/RHSA-2020:0229 https://access.redhat.com/errata/RHSA-2020:0273 https://access.redhat.com/errata/RHSA-2020:0451 https://access.redhat.com/errata/RHSA-2020:0463 https://access.redhat.com/errata/RHSA-2020:0 • CWE-787: Out-of-bounds Write •