PT-2021-10085 · Unknown · Kubernetes-Nmstate-Handler-Container

Published

2021-06-07

Updated

2022-07-25

CVE-2020-1742

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: kubernetes-nmstate-handler-container versions prior to v2.3.0-30

Description: An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Recommendations: For versions prior to v2.3.0-30, update to a version equal to or later than v2.3.0-30 to resolve the issue. As a temporary workaround, consider restricting access to the container to minimize the risk of exploitation.

Exploit

Fix

Incorrect Privilege Assignment

Incorrect Permission

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-732CWE-269

Related Identifiers

CVE-2020-1742

GHSA-JW82-XJGR-G6F8

Affected Products

Kubernetes-Nmstate-Handler-Container

PT-2021-10085 · Unknown · Kubernetes-Nmstate-Handler-Container

CVE-2020-1742

Weakness Enumeration

Related Identifiers

Affected Products

References · 6