CWE-266
AllowedIncorrect Privilege Assignment
Abstraction: Base · Status: Draft
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
1913 vulnerabilities reference this CWE, most recent first.
CVE-2019-19355 (GCVE-0-2019-19355)
Vulnerability from cvelistv5 – Published: 2020-03-18 16:35 – Updated: 2024-08-05 02:16| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openshift",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "Openshift 4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T16:35:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19355"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19355",
"datePublished": "2020-03-18T16:35:00.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:47.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19354 (GCVE-0-2019-19354)
Vulnerability from cvelistv5 – Published: 2021-03-24 16:19 – Updated: 2024-08-05 02:16| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | x_refsource_MISC |
| https://access.redhat.com/articles/4859371 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1793278 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | operator-framework/hadoop |
Affected:
as shipped in Red Hat Openshift 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.124Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/articles/4859371"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793278"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "operator-framework/hadoop",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "as shipped in Red Hat Openshift 4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-24T16:19:47.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/articles/4859371"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793278"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19354",
"datePublished": "2021-03-24T16:19:47.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:47.124Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19353 (GCVE-0-2019-19353)
Vulnerability from cvelistv5 – Published: 2021-03-24 16:07 – Updated: 2024-08-05 02:16| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1793279 | x_refsource_MISC |
| https://access.redhat.com/articles/4859371 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | operator-framework/hive |
Affected:
as shipped in Red Hat Openshift 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793279"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/articles/4859371"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "operator-framework/hive",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "as shipped in Red Hat Openshift 4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-24T16:07:14.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793279"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/articles/4859371"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19353",
"datePublished": "2021-03-24T16:07:14.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:47.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19352 (GCVE-0-2019-19352)
Vulnerability from cvelistv5 – Published: 2021-03-24 16:02 – Updated: 2024-08-05 02:16| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1793281 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | operator-framework/presto |
Affected:
as shipped in Red Hat Openshift 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:46.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "operator-framework/presto",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "as shipped in Red Hat Openshift 4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-24T16:02:59.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793281"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19352",
"datePublished": "2021-03-24T16:02:59.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:46.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19351 (GCVE-0-2019-19351)
Vulnerability from cvelistv5 – Published: 2020-03-18 16:33 – Updated: 2024-08-05 02:16| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openshift",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "Openshift 4 and 3.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-18T16:33:50.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19351"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19351",
"datePublished": "2020-03-18T16:33:50.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:47.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19350 (GCVE-0-2019-19350)
Vulnerability from cvelistv5 – Published: 2021-03-24 15:36 – Updated: 2024-08-05 02:16| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1793283 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | openshift/ansible-service-broker |
Affected:
as shipped in Red Hat Openshift 4 and 3.11
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793283"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openshift/ansible-service-broker",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "as shipped in Red Hat Openshift 4 and 3.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ansible-service-broker as shipped in Red Hat Openshift 4 and 3.11. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-24T15:36:09.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793283"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19350",
"datePublished": "2021-03-24T15:36:09.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:47.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19349 (GCVE-0-2019-19349)
Vulnerability from cvelistv5 – Published: 2021-03-24 15:32 – Updated: 2024-08-05 02:16| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1793284 | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1791534 | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | operator-framework/operator-metering |
Affected:
as shipped in Red Hat Openshift 4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.170Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793284"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "operator-framework/operator-metering",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "as shipped in Red Hat Openshift 4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the container operator-framework/operator-metering as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-24T15:32:35.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793284"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791534"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19349",
"datePublished": "2021-03-24T15:32:35.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:47.170Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19348 (GCVE-0-2019-19348)
Vulnerability from cvelistv5 – Published: 2020-04-02 19:14 – Updated: 2024-08-05 02:16| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Openshift Enterprise | openshift/apb-base |
Affected:
Fixed in 4.3.5-202003020549
Affected: Fixed in 4.2.21-202002240343 Affected: Fixed in 4.1.37-202003021622 Affected: Fixed in 3.11.188-4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:46.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openshift/apb-base",
"vendor": "Openshift Enterprise",
"versions": [
{
"status": "affected",
"version": "Fixed in 4.3.5-202003020549"
},
{
"status": "affected",
"version": "Fixed in 4.2.21-202002240343"
},
{
"status": "affected",
"version": "Fixed in 4.1.37-202003021622"
},
{
"status": "affected",
"version": "Fixed in 3.11.188-4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:14:08.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-19348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openshift/apb-base",
"version": {
"version_data": [
{
"version_value": "Fixed in 4.3.5-202003020549"
},
{
"version_value": "Fixed in 4.2.21-202002240343"
},
{
"version_value": "Fixed in 4.1.37-202003021622"
},
{
"version_value": "Fixed in 3.11.188-4"
}
]
}
}
]
},
"vendor_name": "Openshift Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.0/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19348"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19348",
"datePublished": "2020-04-02T19:14:08.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:46.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19346 (GCVE-0-2019-19346)
Vulnerability from cvelistv5 – Published: 2020-04-02 19:12 – Updated: 2024-08-05 02:16| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| Openshift Enterprise | openshift/mariadb-apb |
Affected:
Fixed in 4.3.5-202003020549
Affected: Fixed in 4.2.21-202002240343 Affected: Fixed in 4.1.37-202003021622 Affected: Fixed in 3.11.188-4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openshift/mariadb-apb",
"vendor": "Openshift Enterprise",
"versions": [
{
"status": "affected",
"version": "Fixed in 4.3.5-202003020549"
},
{
"status": "affected",
"version": "Fixed in 4.2.21-202002240343"
},
{
"status": "affected",
"version": "Fixed in 4.1.37-202003021622"
},
{
"status": "affected",
"version": "Fixed in 3.11.188-4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-02T19:12:29.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-19346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "openshift/mariadb-apb",
"version": {
"version_data": [
{
"version_value": "Fixed in 4.3.5-202003020549"
},
{
"version_value": "Fixed in 4.2.21-202002240343"
},
{
"version_value": "Fixed in 4.1.37-202003021622"
},
{
"version_value": "Fixed in 3.11.188-4"
}
]
}
}
]
},
"vendor_name": "Openshift Enterprise"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.0/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-266"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19346",
"datePublished": "2020-04-02T19:12:29.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:47.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-19345 (GCVE-0-2019-19345)
Vulnerability from cvelistv5 – Published: 2020-03-20 14:00 – Updated: 2024-08-05 02:16| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| [UNKNOWN] | openshift/mediawiki-apb |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:16:47.043Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "openshift/mediawiki-apb",
"vendor": "[UNKNOWN]",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mediawiki-apb. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-20T14:00:33.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-19345",
"datePublished": "2020-03-20T14:00:33.000Z",
"dateReserved": "2019-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:16:47.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-1
Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
No CAPEC attack patterns related to this CWE.