Insecure Modification Vulnerability in OpenShift MediaWiki by Red Hat
CVE-2020-1709

7HIGH

Key Information:

Vendor: [unknown]
Status: Openshift/mediawiki
Vendor: CVE Published:; 20 March 2020

What is CVE-2020-1709?

OpenShift MediaWiki versions before 4.3.0 are vulnerable to an insecure modification flaw affecting the /etc/passwd file. An attacker with access to the container can exploit this vulnerability to modify the file, potentially leading to privilege escalation and unauthorized access to the system. It is crucial for users to upgrade to a secure version to mitigate these risks.

Affected Version(s)

openshift/mediawiki

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1709

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2020
Vulnerability Reserved
Nov 27, 2019

[unknown]

What is CVE-2020-1709?

Affected Version(s)

References

CVSS V3.1

Timeline