CVE-2020-1708
HIGH
7.0
Our Analysis: General Purpose
Our model has classified this vulnerability as relevant to General Purpose Systems, helping your team prioritize efforts effectively.
Published Date
February 7, 2020
Last Modified
November 21, 2024
CVSS Vector
Not Available
Description
It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb.