CVE-2019-19354
CVE-2019-19354 operator-framework/hadoop: /etc/passwd is given incorrect privileges
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Se encontró una vulnerabilidad de modificación no segura en el archivo /etc/passwd en operator-framework/hadoop como es enviado en Red Hat Openshift versión 4. Un atacante con acceso al contenedor podría usar este fallo para modificar /etc/passwd y escalar sus privilegios
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-11-27 CVE Reserved
- 2020-05-04 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-266: Incorrect Privilege Assignment
- CWE-269: Improper Privilege Management
CAPEC
References (4)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/articles/4859371 | 2023-02-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | 2023-02-12 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1793278 | 2020-05-04 | |
| https://access.redhat.com/security/cve/CVE-2019-19354 | 2020-05-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | >= 4.4 < 4.4.3 Search vendor "Redhat" for product "Openshift Container Platform" and version " >= 4.4 < 4.4.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Safe
|
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | >= 4.4 < 4.4.3 Search vendor "Redhat" for product "Openshift Container Platform" and version " >= 4.4 < 4.4.3" | - |
Affected
| in | Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Safe
|