CVE-2019-19354

Опубликовано: 24 мар. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Ссылки

https://access.redhat.com/articles/4859371
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1791534
Issue Tracking
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1793278
Issue Tracking
Vendor Advisory
https://access.redhat.com/articles/4859371
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1791534
Issue Tracking
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1793278
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*

Версия от 4.4 (включая) до 4.4.3 (исключая)

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 15%

0.00047

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-266

CWE-269

Связанные уязвимости

CVE-2019-19354

CVSS3: 7

redhat

около 6 лет назад

GHSA-358w-6w72-3p29