CVE-2020-1705

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions openshift/template-service-broker-operator versions prior to 4.3.0

Description A flaw was discovered in the openshift/template-service-broker-operator, where an insecure modification vulnerability in the /etc/passwd file allows an attacker with access to the container to modify /etc/passwd and escalate their privileges. The API endpoint /etc/passwd is affected.

Recommendations For versions prior to 4.3.0, update to version 4.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the container to minimize the risk of exploitation.

Fix

Incorrect Privilege Assignment

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-732

Related Identifiers

CVE-2020-1705

Affected Products

Openshift/Template-Service-Broker-Operator

CVE-2020-1705

Weakness Enumeration

Related Identifiers

Affected Products

References · 3