PT-2020-14908 · Red Hat · Openshift/Mediawiki

Joseph Lamagna-Reiter

Published

2020-03-20

Updated

2023-02-12

CVE-2020-1709

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions openshift/mediawiki versions prior to 4.3.0

Description A vulnerability was found in the openshift/mediawiki, where an insecure modification vulnerability in the /etc/passwd file allows an attacker with access to the container to modify /etc/passwd and escalate their privileges. The attacker can use this flaw to gain elevated access.

Recommendations For versions prior to 4.3.0, update to version 4.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the /etc/passwd file to minimize the risk of exploitation.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2020-1709

Affected Products

Openshift/Mediawiki

PT-2020-14908 · Red Hat · Openshift/Mediawiki

CVE-2020-1709

Weakness Enumeration

Related Identifiers

Affected Products

References · 4