Описание
An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.3.0 (исключая)
cpe:2.3:a:nmstate:kubernetes-nmstate:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:a:redhat:openshift_virtualization:2:*:*:*:*:*:*:*
EPSS
Процентиль: 12%
0.0004
Низкий
7 High
CVSS3
4.4 Medium
CVSS2
Дефекты
CWE-266
CWE-732
Связанные уязвимости
CVSS3: 7
redhat
около 6 лет назад
An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.
CVSS3: 7
github
больше 3 лет назад
Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management
EPSS
Процентиль: 12%
0.0004
Низкий
7 High
CVSS3
4.4 Medium
CVSS2
Дефекты
CWE-266
CWE-732