Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-1690

Опубликовано: 12 фев. 2020
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service.

Отчет

In Red Hat OpenStack Platform 15, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP openstack-selinux package.

Меры по смягчению последствий

There is no known mitigation for this issue, the flaw can only be resolved by applying updates.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenStack Platform 10 (Newton)openstack-selinuxNot affected
Red Hat OpenStack Platform 13 (Queens)openstack-selinuxNot affected
Red Hat OpenStack Platform 15 (Stein)openstack-selinuxWill not fix
Red Hat OpenStack Platform 16.1openstack-selinuxFixedRHSA-2020:438128.10.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=1789640openstack-selinux: policy flaw allows dbus messaging

EPSS

Процентиль: 28%
0.001
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-1690

CVSS3: 6.5
nvd
около 4 лет назад

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.

github логотип

GHSA-2364-qg82-xg35

CVSS3: 6.5
github
около 3 лет назад

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.

EPSS

Процентиль: 28%
0.001
Низкий

6.5 Medium

CVSS3