Insecure Modification Vulnerability in OpenShift MediaWiki-APB
CVE-2019-19345

7HIGH

Key Information:

Vendor: [unknown]
Status: Openshift/mediawiki-apb
Vendor: CVE Published:; 20 March 2020

What is CVE-2019-19345?

An insecure modification vulnerability exists in all versions of the OpenShift MediaWiki-APB prior to 4.3.0. This flaw allows an attacker with access to the container to potentially alter the /etc/passwd file. Such modifications can lead to privilege escalation, enabling the attacker to gain higher-level permissions within the system.

Affected Version(s)

openshift/mediawiki-apb

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19345

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2020
Vulnerability Reserved
Nov 27, 2019

[unknown]

What is CVE-2019-19345?

Affected Version(s)

References

CVSS V3.1

Timeline