CVE-2021-20264
containers/openjdk: /etc/passwd is given incorrect privileges
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Se ha encontrado un fallo de modificación no seguro en el archivo /etc/passwd en los contenedores openjdk-1.8 y openjdk-11. Este defecto permite a un atacante con acceso al contenedor modificar el /etc/passwd y escalar sus privilegios. La mayor amenaza de esta vulnerabilidad es para la confidencialidad, la integridad y la disponibilidad del sistema
An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-17 CVE Reserved
- 2021-03-22 CVE Published
- 2023-04-29 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-266: Incorrect Privilege Assignment
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1932283 | 2021-03-19 | |
https://access.redhat.com/security/cve/CVE-2021-20264 | 2021-03-19 | |
https://access.redhat.com/articles/4859371 | 2021-03-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Oracle Search vendor "Oracle" | Openjdk Search vendor "Oracle" for product "Openjdk" | 1.8.0 Search vendor "Oracle" for product "Openjdk" and version "1.8.0" | - |
Affected
| ||||||
Oracle Search vendor "Oracle" | Openjdk Search vendor "Oracle" for product "Openjdk" | 11 Search vendor "Oracle" for product "Openjdk" and version "11" | - |
Affected
|