CVE-2019-19348
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Openshift Enterprise | openshift/apb-base | Fixed in 4.3.5-202003020549 | affected |
| Openshift Enterprise | openshift/apb-base | Fixed in 4.2.21-202002240343 | affected |
| Openshift Enterprise | openshift/apb-base | Fixed in 4.1.37-202003021622 | affected |
| Openshift Enterprise | openshift/apb-base | Fixed in 3.11.188-4 | affected |
Weaknesses
- CWE-266: CWE-266
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.