/etc/passwd is given incorrect privileges

Author:


Keywords:

Status: NEW

Alias:

 CVE-2020-10695

Product:

 Security Response

Classification:

 Other

Component:

vulnerability

Version:

 unspecified

Hardware:

 All

OS:

 Linux
medium
medium

Target Milestone:

Assignee:

 Red Hat Product Security

QA Contact:

Docs Contact:

URL:

Whiteboard:

Depends On:

Blocks:

1776664
TreeView+
depends on /

blocked

 

Reported: 2020-03-26 14:16 UTC by Paramvir jindal
Modified: 2020-03-26 15:37 UTC
(History)
7
users

(show)

Fixed In Version:

Doc Type:

 If docs needed, set a value

Doc Text:

An insecure modification vulnerability in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Clone Of:

Environment:

Last Closed:



Source link

You must be logged in to post a comment.

RELATED STORIES
Category Product Vulnerabilities

2020-29072 | LiquidFiles cross site scripting

November 25, 2020
CVSS Meta Temp Score CVSS is a standardized scoring system to determine possibilities of attacks....
Read More
Category Product Vulnerabilities

CologneBlue Skin up to 1.35 on MediaWiki qbfind Message CologneBlueTemplate.php cross site scripting

November 24, 2020
A vulnerability classified as problematic was found in CologneBlue Skin up to 1.35 on MediaWiki....
Read More
Category Product Vulnerabilities

GitHub fixes high severity security flaw spotted by Google (ZDNet Latest News)

November 23, 2020
GitHub fixes ‘high severity’ security flaw spotted by Google. Two weeks after Google disclosed a...
Read More
Category Product Vulnerabilities

CVE-2020-24365 Gemtek WRTM-127ACN 和 Gemtek WRTM-127×9 安全漏洞 -漏洞情报、漏洞详情、安全漏洞、CVE

November 22, 2020
[*] # Exploit Title: Gemtek WVRTM-127ACN 01.01.02.141 - Authenticated Arbitrary Command Injection # Date: 13/09/2020...
Read More
Category Product Vulnerabilities

SUSE: 2020:3477-1 important: postgresql96>

November 21, 2020
An update that fixes three vulnerabilities is now available. SUSE Security Update: Security update for...
Read More
Category Product Vulnerabilities

Odyssey jailbreak picks up support for iOS 13.5.1-13.7 thanks to new exploit

November 20, 2020
The Odyssey Team updated its iOS 13-centric Odyssey jailbreak tool at the crack of dawn...
Read More
Category Product Vulnerabilities

【安全通报】Drupal 远程代码执行漏洞(CVE-2020-13671)

November 19, 2020
Drupal是使用PHP语言编写的开源内容管理框架。 近日 Drupal官方发布安全更新,修复了 CVE-2020-13671 Drupal 远程代码执行漏洞。由于Drupal core 没有正确地处理上传文件中的某些文件名,攻击者通过上传恶意文件,在某些特定的配置下可能会被当作 php 解析,从而导致远程代码执行。Drupal 用户应尽快采取安全措施阻止漏洞攻击。 影响范围 Drupal 9.0.8; Drupal...
Read More
Category Product Vulnerabilities

Multiple vulnerabilities in Schneider Electric Interactive Graphical SCADA System

November 18, 2020
Risk High Patch available YES Number of vulnerabilities 9 CVE ID CVE-2020-7550CVE-2020-7551CVE-2020-7552CVE-2020-7553CVE-2020-7554CVE-2020-7555CVE-2020-7556CVE-2020-7557CVE-2020-7558 CWE ID CWE-119CWE-787CWE-125...
Read More
Category Product Vulnerabilities

Το update KB4586786 δημιουργεί σφάλμα στο Kerberos

November 17, 2020
Η Microsoft εργάζεται για τη διόρθωση ενός σφάλματος στο update KB4586786 που κυκλοφόρησε την προηγούμενη...
Read More
Category Product Vulnerabilities

Apche Solr 未授权上传漏洞(CVE-2020-13957) – FreeBuf网络安全行业门户

November 16, 2020
0x00简介 Solr 是一个开源的企业级搜索服务器,底层使用易于扩展和修改的Java 来实现。服务器通信使用标准的HTTP 和XML,所以如果使用Solr 了解Java 技术会有用却不是必须的要求。 Solr 主要特性有:强大的全文检索功能,高亮显示检索结果,动态集群,数据库接口和电子文档(Word ,PDF 等)的处理。而且Solr 具有高度的可扩展,支持分布搜索和索引的复制。 0x01漏洞概述 Apache Solr...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact