Vulnerability-Lookup

CVE-2020-10695 (GCVE-0-2020-10695)

Vulnerability from cvelistv5 – Published: 2021-05-26 21:35 – Updated: 2024-08-04 11:06

Summary

An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.

Severity ?

No CVSS data available.

CWE

CWE-266

Assigner

redhat

References

URL

	Vendor	Product	Version
	n/a	containers/redhat-sso-7	Affected: redhat-sso 7.4.4

RHSA-2020:5529

Vulnerability from csaf_redhat - Published: 2020-12-15 19:31 - Updated: 2025-11-21 18:19

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.4.4 on OpenJDK for OpenShift image security update

Notes

Topic

A new image is available for Red Hat Single Sign-On 7.4.4 on OpenJDK, running on OpenShift Container Platform of versions 3.10, 3.11, up to the 4.6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services. This erratum releases a new image for Red Hat Single Sign-On 7.4.4 on OpenJDK for operation within the OpenShift Container Platform of versions 3.10, 3.11, up to the 4.6 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. Security Fix(es): * containers/redhat-sso-7: /etc/passwd is given incorrect privileges (CVE-2020-10695) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new image is available for Red Hat Single Sign-On 7.4.4 on OpenJDK, running on OpenShift Container Platform of versions 3.10, 3.11, up to the 4.6.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.4.4 on OpenJDK for operation within the OpenShift Container Platform of versions 3.10, 3.11, up to the 4.6 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.\n\nSecurity Fix(es):\n\n* containers/redhat-sso-7: /etc/passwd is given incorrect privileges (CVE-2020-10695)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5529",
        "url": "https://access.redhat.com/errata/RHSA-2020:5529"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/articles/4859371",
        "url": "https://access.redhat.com/articles/4859371"
      },
      {
        "category": "external",
        "summary": "1817530",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5529.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.4 on OpenJDK for OpenShift image security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:19:12+00:00",
      "generator": {
        "date": "2025-11-21T18:19:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2020:5529",
      "initial_release_date": "2020-12-15T19:31:12+00:00",
      "revision_history": [
        {
          "date": "2020-12-15T19:31:12+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-12-15T19:31:12+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:19:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Middleware Containers for OpenShift",
                "product": {
                  "name": "Middleware Containers for OpenShift",
                  "product_id": "8Base-RHOSE-Middleware",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhosemc:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso74-openshift-rhel8@sha256:e8112461aef0a7cbfdd00df5548f0bf693f1f4c78587b2504bfd7d3b4aacf3bd_amd64",
                "product": {
                  "name": "rh-sso-7/sso74-openshift-rhel8@sha256:e8112461aef0a7cbfdd00df5548f0bf693f1f4c78587b2504bfd7d3b4aacf3bd_amd64",
                  "product_id": "rh-sso-7/sso74-openshift-rhel8@sha256:e8112461aef0a7cbfdd00df5548f0bf693f1f4c78587b2504bfd7d3b4aacf3bd_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso74-openshift-rhel8@sha256:e8112461aef0a7cbfdd00df5548f0bf693f1f4c78587b2504bfd7d3b4aacf3bd?arch=amd64\u0026repository_url=registry.redhat.io/rh-sso-7/sso74-openshift-rhel8\u0026tag=7.4-12"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso74-openshift-rhel8@sha256:e8112461aef0a7cbfdd00df5548f0bf693f1f4c78587b2504bfd7d3b4aacf3bd_amd64 as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso74-openshift-rhel8@sha256:e8112461aef0a7cbfdd00df5548f0bf693f1f4c78587b2504bfd7d3b4aacf3bd_amd64"
        },
        "product_reference": "rh-sso-7/sso74-openshift-rhel8@sha256:e8112461aef0a7cbfdd00df5548f0bf693f1f4c78587b2504bfd7d3b4aacf3bd_amd64",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Joseph LaMagna-Reiter"
          ],
          "organization": "SPR Inc."
        }
      ],
      "cve": "CVE-2020-10695",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "discovery_date": "2020-03-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1817530"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "containers/redhat-sso-7: /etc/passwd is given incorrect privileges",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso74-openshift-rhel8@sha256:e8112461aef0a7cbfdd00df5548f0bf693f1f4c78587b2504bfd7d3b4aacf3bd_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1817530",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530"
        },
        {
          "category": "external",
          "summary": "RHSB-4859371",
          "url": "https://access.redhat.com/articles/4859371"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10695"
        }
      ],
      "release_date": "2020-01-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-15T19:31:12+00:00",
          "details": "To update to the latest Red Hat Single Sign-On 7.4.4 on OpenJDK for\nOpenShift image, follow these steps to pull in the content:\n\n1. On your master hosts, ensure you are logged into the CLI as a\ncluster administrator or user with project administrator access\nto the global \"openshift\" project. For example:\n\n$ oc login -u system:admin\n\n2. Update the core set of Red Hat Single Sign-On resources for OpenShift\nin the \"openshift\" project by running the following commands:\n\n$ for resource in sso74-image-stream.json \\\nsso74-https.json \\\nsso74-ocp4-x509-https.json \\\nsso74-ocp4-x509-postgresql-persistent.json \\\nsso74-postgresql.json \\\nsso74-postgresql-persistent.json \\\nsso74-x509-https.json \\\nsso74-x509-postgresql-persistent.json\ndo\noc replace -n openshift --force -f \\\nhttps://raw.githubusercontent.com/jboss-container-images/redhat-sso-7-openshift-image/v7.4.4.GA/templates/${resource}\ndone\n\n3. Install the Red Hat Single Sign-On 7.4.4 on OpenJDK for OpenShift\nstreams in the \"openshift\" project by running the following commands:\n\n$ oc -n openshift import-image rh-sso-7/sso74-openshift-rhel8 --from=registry.redhat.io/rh-sso-7/sso74-openshift-rhel8:7.4 --confirm",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso74-openshift-rhel8@sha256:e8112461aef0a7cbfdd00df5548f0bf693f1f4c78587b2504bfd7d3b4aacf3bd_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5529"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso74-openshift-rhel8@sha256:e8112461aef0a7cbfdd00df5548f0bf693f1f4c78587b2504bfd7d3b4aacf3bd_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "containers/redhat-sso-7: /etc/passwd is given incorrect privileges"
    }
  ]
}

RHSA-2020:5533

Vulnerability from csaf_redhat - Published: 2020-12-15 17:14 - Updated: 2025-11-21 18:19

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.4.4 security update

Notes

Topic

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.4.4 serves as a replacement for Red Hat Single Sign-On 7.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es): * redhat-sso-7-openshift-containers: /etc/passwd is given incorrect privileges (CVE-2020-10695) * hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638) * jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649) * keycloak: Account REST API can update user metadata attributes (CVE-2020-27826) * keycloak-nodejs-connect: nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.4 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.4.4 serves as a replacement for Red Hat Single Sign-On 7.4.3, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* redhat-sso-7-openshift-containers: /etc/passwd is given incorrect privileges (CVE-2020-10695)\n* hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used (CVE-2020-25638)\n* jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) (CVE-2020-25649)\n* keycloak: Account REST API can update user metadata attributes (CVE-2020-27826)\n* keycloak-nodejs-connect: nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures (CVE-2020-13822)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2020:5533",
        "url": "https://access.redhat.com/errata/RHSA-2020:5533"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "1817530",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530"
      },
      {
        "category": "external",
        "summary": "1848647",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848647"
      },
      {
        "category": "external",
        "summary": "1881353",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
      },
      {
        "category": "external",
        "summary": "1887664",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
      },
      {
        "category": "external",
        "summary": "1905089",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905089"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_5533.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.4.4 security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:19:12+00:00",
      "generator": {
        "date": "2025-11-21T18:19:12+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2020:5533",
      "initial_release_date": "2020-12-15T17:14:01+00:00",
      "revision_history": [
        {
          "date": "2020-12-15T17:14:01+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2020-12-15T17:14:01+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:19:12+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Text-Only RHSSO",
                "product": {
                  "name": "Text-Only RHSSO",
                  "product_id": "Text-Only RHSSO",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:red_hat_single_sign_on"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Joseph LaMagna-Reiter"
          ],
          "organization": "SPR Inc."
        }
      ],
      "cve": "CVE-2020-10695",
      "cwe": {
        "id": "CWE-266",
        "name": "Incorrect Privilege Assignment"
      },
      "discovery_date": "2020-03-26T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1817530"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "containers/redhat-sso-7: /etc/passwd is given incorrect privileges",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only RHSSO"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-10695"
        },
        {
          "category": "external",
          "summary": "RHBZ#1817530",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530"
        },
        {
          "category": "external",
          "summary": "RHSB-4859371",
          "url": "https://access.redhat.com/articles/4859371"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10695",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-10695"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10695",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10695"
        }
      ],
      "release_date": "2020-01-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-15T17:14:01+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only RHSSO"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Text-Only RHSSO"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "containers/redhat-sso-7: /etc/passwd is given incorrect privileges"
    },
    {
      "cve": "CVE-2020-13822",
      "cwe": {
        "id": "CWE-190",
        "name": "Integer Overflow or Wraparound"
      },
      "discovery_date": "2020-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1848647"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Elliptic for Node.js allows ECDSA signature malleability via variations in encoding, leading \u0027\\0\u0027 bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In both OpenShift Container Platform (OCP) and OpenShift ServiceMesh (OSSM), the grafana and prometheus containers don\u0027t use the vulnerable elliptic library for authentication (OpenShift OAuth is used) or traffic communications (OpenShift route is used). Therefore the impact for OCP and OSSM is Low.\n\nRed Hat Quay includes nodejs-elliptic as a dependency of webpack. That dependency is only used at development time, not runtime. Therefore this vulnerability is rated low for Red Hat Quay.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only RHSSO"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-13822"
        },
        {
          "category": "external",
          "summary": "RHBZ#1848647",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848647"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-13822",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-13822"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13822",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13822"
        },
        {
          "category": "external",
          "summary": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484",
          "url": "https://snyk.io/vuln/SNYK-JS-ELLIPTIC-571484"
        }
      ],
      "release_date": "2020-06-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-15T17:14:01+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only RHSSO"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "Text-Only RHSSO"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "nodejs-elliptic: improper encoding checks allows a certain degree of signature malleability in ECDSA signatures"
    },
    {
      "cve": "CVE-2020-25638",
      "cwe": {
        "id": "CWE-89",
        "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
      },
      "discovery_date": "2020-09-10T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1881353"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "For Red Hat Process Automation Manager and Red Hat Decision Manager, the kie-server-ee7 zip is primarily for Weblogic/Websphere which is decided to stay on hibernate 5.1.x, it\u0027s not possible to make an upgrade to 5.3.x due to technical reasons. For this reason this fix is included only for kie-server-ee7. For this reason there are two components for RHPAM and RHDM.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only RHSSO"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25638"
        },
        {
          "category": "external",
          "summary": "RHBZ#1881353",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25638",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25638"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25638"
        }
      ],
      "release_date": "2020-10-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-15T17:14:01+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only RHSSO"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5533"
        },
        {
          "category": "workaround",
          "details": "Set hibernate.use_sql_comments to false, which is the default value, or use named parameters instead of literals. Please refer to details in https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#configurations-logging and https://docs.jboss.org/hibernate/orm/5.4/userguide/html_single/Hibernate_User_Guide.html#sql-query-parameters.",
          "product_ids": [
            "Text-Only RHSSO"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Text-Only RHSSO"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used"
    },
    {
      "cve": "CVE-2020-25649",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2020-08-25T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1887664"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "* Red Hat Enterprise Linux 8 ships a vulnerable version of jackson-databind in the pki-deps:10.6 module. pki-deps:10.6 is for pki-core dependencies, but pki-core does not use the vulnerable DOMDeserializer class and thus has been set to low impact. Future updates may include fixed version of jackson-databind.\n\n* Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind code. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\n* Red Hat Virtualization ships a vulnerable version of jackson-databind, however the vulnerable DOMDeserializer class is not used in the code, therefore reducing impact to low.\n\n* Red Hat OpenShift Container Platform (OCP) ships a vulnerable version of jackson-databind, but in the affected containers the DOMDeserializer class is not used. Additionally access to the containers is restricted to authenticated users only (OpenShift OAuth authentication) reducing the severity of this vulnerability to Low.\nIn OCP 4 there are no plans to maintain ose-logging-elasticsearch5 container, hence marked as wontfix.\n\n* Red Hat Satellite ships affected version of jackson-databind through Candlepin, however, product code does not use DOMDeserializer class and jackson-databind in a vulnerable way. Thus impact has been set to low. A future release may update jackson-databind to a fixed version.\n\n* Red Hat Single Sign-On (RH-SSO) ships affected version of jackson-databind, however, none of the product code is using the affected class (DOMDeserializer). Thus impact has been set to low. RH-SSO will consume the fixed artifact from EAP in the next CP.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only RHSSO"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-25649"
        },
        {
          "category": "external",
          "summary": "RHBZ#1887664",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887664"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-25649",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-25649"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25649"
        },
        {
          "category": "external",
          "summary": "https://github.com/FasterXML/jackson-databind/issues/2589",
          "url": "https://github.com/FasterXML/jackson-databind/issues/2589"
        }
      ],
      "release_date": "2020-01-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-15T17:14:01+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only RHSSO"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5533"
        },
        {
          "category": "workaround",
          "details": "There is currently no known mitigation for this flaw.",
          "product_ids": [
            "Text-Only RHSSO"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "Text-Only RHSSO"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE)"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Marek Posolda"
          ],
          "organization": "Red Hat",
          "summary": "This issue was discovered by Red Hat."
        }
      ],
      "cve": "CVE-2020-27826",
      "cwe": {
        "id": "CWE-250",
        "name": "Execution with Unnecessary Privileges"
      },
      "discovery_date": "2020-12-07T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1905089"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in Keycloak before version 12.0.0 where it is possible to update the user\u0027s metadata attributes using Account REST API. This flaw allows an attacker to change its own NameID attribute to impersonate the admin user for any particular application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "keycloak: Account REST API can update user metadata attributes",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Text-Only RHSSO"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2020-27826"
        },
        {
          "category": "external",
          "summary": "RHBZ#1905089",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905089"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2020-27826",
          "url": "https://www.cve.org/CVERecord?id=CVE-2020-27826"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-27826",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27826"
        }
      ],
      "release_date": "2020-12-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2020-12-15T17:14:01+00:00",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Text-Only RHSSO"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2020:5533"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Text-Only RHSSO"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "keycloak: Account REST API can update user metadata attributes"
    }
  ]
}

GSD-2020-10695

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-10695

Aliases

CVE-2020-10695

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-10695",
    "description": "An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.",
    "id": "GSD-2020-10695",
    "references": [
      "https://access.redhat.com/errata/RHSA-2020:5533",
      "https://access.redhat.com/errata/RHSA-2020:5529"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-10695"
      ],
      "details": "An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.",
      "id": "GSD-2020-10695",
      "modified": "2023-12-13T01:22:04.853371Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2020-10695",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "containers/redhat-sso-7",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "redhat-sso 7.4.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-266"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.4.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-10695"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-266"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-06-03T20:25Z",
      "publishedDate": "2021-05-26T22:15Z"
    }
  }
}

FKIE_CVE-2020-10695

Vulnerability from fkie_nvd - Published: 2021-05-26 22:15 - Updated: 2024-11-21 04:55

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1817530	Issue Tracking, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1817530	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	redhat	single_sign-on	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFE57629-BBA5-4D39-A70D-245E9FB8DE67",
              "versionEndExcluding": "7.4.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo de modificaci\u00f3n no segura del archivo /etc/passwd en el contenedor redhat-sso-7.\u0026#xa0;Un atacante con acceso al contenedor puede usar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios"
    }
  ],
  "id": "CVE-2020-10695",
  "lastModified": "2024-11-21T04:55:52.253",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-26T22:15:07.817",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-266"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    }
  ]
}

GHSA-8CR8-FVMM-H4P4

Vulnerability from github – Published: 2022-05-24 19:03 – Updated: 2022-05-24 19:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-10695"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-26T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.",
  "id": "GHSA-8cr8-fvmm-h4p4",
  "modified": "2022-05-24T19:03:33Z",
  "published": "2022-05-24T19:03:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10695"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817530"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-10695 (GCVE-0-2020-10695)

RHSA-2020:5529

RHSA-2020:5533

GSD-2020-10695

FKIE_CVE-2020-10695

GHSA-8CR8-FVMM-H4P4

Tags

Sightings

Nomenclature