Insecure Modification Vulnerability in OpenShift PostgreSQL APB
CVE-2020-1707

7HIGH

Key Information:

Vendor: [unknown]
Status: Openshift/postgresql-apb
Vendor: CVE Published:; 20 March 2020

What is CVE-2020-1707?

A vulnerability exists in OpenShift's PostgreSQL APB versions 4.x.x prior to 4.3.0, which allows an unauthorized attacker with access to the container to modify the /etc/passwd file. This insecure modification can lead to privilege escalation, enabling the attacker to gain elevated permissions within the container environment.

Affected Version(s)

openshift/postgresql-apb

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1707

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2020
Vulnerability Reserved
Nov 27, 2019

[unknown]

What is CVE-2020-1707?

Affected Version(s)

References

CVSS V3.1

Timeline