/etc/passwd is given incorrect privileges

Author:


Keywords:

Status: NEW

Alias:

 CVE-2020-10695

Product:

 Security Response

Classification:

 Other

Component:

vulnerability

Version:

 unspecified

Hardware:

 All

OS:

 Linux
medium
medium

Target Milestone:

Assignee:

 Red Hat Product Security

QA Contact:

Docs Contact:

URL:

Whiteboard:

Depends On:

Blocks:

1776664
TreeView+
depends on /

blocked

 

Reported: 2020-03-26 14:16 UTC by Paramvir jindal
Modified: 2020-03-26 15:37 UTC
(History)
7
users

(show)

Fixed In Version:

Doc Type:

 If docs needed, set a value

Doc Text:

An insecure modification vulnerability in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Clone Of:

Environment:

Last Closed:



Source link

Write a comment:
*

Your email address will not be published.

RELATED STORIES
vamtam-theme-circle-post
Category Product Vulnerabilities

Working from home and your Cyber Security

April 8, 2020
Cyber-attacks can bring public infrastructure to its knees, disrupt business operations, create reputational and brand...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Django 3.0 – Cross-Site Request Forgery Token Bypass

April 8, 2020
# Exploit Title: Django 3.0 - Cross-Site Request Forgery Token Bypass # Date: 2020-04-08 #...
Read More
Category Product Vulnerabilities

Cross-site request forgery in WordPress Landing Page – Squeeze Page – Responsive Landing Page Builder Free – WP Lead Plus X plugin

April 8, 2020
This security advisory describes one low risk vulnerability. 1) Cross-site request forgery Severity: Low CVSSv3:...
Read More
vamtam-theme-circle-post
Category Product Vulnerabilities

Report shows spike in cyber attacks during Covid-19 lockdown – All 4 Women

April 8, 2020
The Covid-19 global pandemic forcing millions of office workers to become remote workers has created...
Read More
Category Product Vulnerabilities

Nagios XI Cross-Site Scripting (CVE-2019-20139)

April 8, 2020
A cross-site scripting vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow...
Read More
Category Product Vulnerabilities

Chadha PHPKB Remote Code Execution (CVE-2020-10386; CVE-2020-10389)

April 8, 2020
A remote code execution vulnerability exists in Chadha PHPKB. Successful exploitation of this vulnerability could...
Read More
Category Product Vulnerabilities

4月8日每日安全热点 – Hoaxcalls DDoS 僵尸网络利用 Grandstream 和 DrayTek 设备漏洞

April 8, 2020
. 阅读量 5382 Hoaxcalls DDoS 僵尸网络利用 Grandstream 和 DrayTek 设备漏洞. 时间紧迫,公网上存在 35万台 Microsoft Exchange 服务器还未修复...
Read More
Category Product Vulnerabilities

Memory safety bugs fixed in Firefox 75 and Firefox ESR 68.7

April 8, 2020
Description Marian Rehak 2020-04-07 12:09:43 UTC Mozilla developers reported memory safety bugs present in Firefox...
Read More
Category Product Vulnerabilities

Uninitialized memory could be read when using the WebGL copyTexSubImage method

April 8, 2020
When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method,...
Read More
Category Product Vulnerabilities

Out of bounds write in GMPDecodeData when processing large images

April 8, 2020
Description Marian Rehak 2020-04-07 12:06:10 UTC On 32-bit builds, an out of bounds write could...
Read More
digitpol
scale
element-support
Call Center
+31 55 8448040
element-map
Location

Global

International Cyber Crime Investigation

Digitpol is licensed by the Ministry of Justice: Licence Number POB1557

©Digitpol. All images and content are copyright of Digitpol and can not be used, replicated or reproduced without written permission. 2019.

Privacy  /   Terms and Policy   /   Site map  /   Contact