Описание
A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the /etc/passwd. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.
Отчет
This issue was classified with and Important severity according to the severity ratings described at https://access.redhat.com/security/updates/classification. This rating was given because the attacker, when a successfully attack is performed, can elevate its privilege to the root user.
Меры по смягчению последствий
This issue can be mitigated by setting this line in each mirror registry systemd configurations: --security-opt=no-new-privileges This would prevent any privilege escalation until the issue is fixed.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| mirror registry for Red Hat OpenShift | mirror-registry-container | Affected | ||
| MIRROR-REGISTRY-2.0-RHEL-8 | openshift/mirror-registry-rhel8 | Fixed | RHBA-2025:9645 | 14.07.2025 |
Показывать по
Дополнительная информация
Статус:
8.2 High
CVSS3
Связанные уязвимости
A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.
A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.
8.2 High
CVSS3