{ "threat_severity" : "Moderate", "public_date" : "2020-01-21T00:00:00Z", "bugzilla" : { "description" : "openshift/template-service-broker-operator: /etc/passwd is given incorrect privileges", "id" : "1793304", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1793304" }, "cvss3" : { "cvss3_base_score" : "7.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-732", "details" : [ "A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", "An insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges." ], "statement" : "By default this vulnerability is not exploitable in un-privilieged containers running on OpenShift Container Platform. This is because the system call SETUID and SETGID is blocked by the default seccomp policy.", "acknowledgement" : "Red Hat would like to thank Joseph LaMagna-Reiter (SPR Inc.) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/apb-base:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/apb-tools:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/mariadb-apb:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/mediawiki:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/mediawiki-apb:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/mysql-apb:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-ansible-operator:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-cluster-capacity:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-cluster-logging-operator:v4.2.27-202003310105" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-cluster-nfd-operator:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-csi-external-attacher:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-csi-external-provisioner-rhel7:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-csi-livenessprobe:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-descheduler:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-descheduler-operator:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-efs-provisioner-rhel7:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-egress-dns-proxy:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-egress-http-proxy:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-egress-router:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-elasticsearch-operator:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-ghostunnel:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-jenkins-agent-base:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-local-storage-diskmaker:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-local-storage-operator:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-logging-curator5:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-logging-eventrouter:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-logging-fluentd:v4.2.27-202003310105" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-metering-ansible-operator:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-metering-hadoop:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-metering-hive:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-metering-presto:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-metering-reporting-operator:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-node-feature-discovery:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-sriov-cni:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-sriov-dp-admission-controller:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-sriov-network-config-daemon:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-sriov-network-device-plugin:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/ose-sriov-network-operator:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/postgres-apb:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.2", "release_date" : "2020-04-07T00:00:00Z", "advisory" : "RHBA-2020:1278", "cpe" : "cpe:/a:redhat:openshift:4.2::el7", "package" : "openshift4/postgresql-apb:v4.2.27-202003301126" }, { "product_name" : "Red Hat OpenShift Container Platform 4.3", "release_date" : "2020-03-24T00:00:00Z", "advisory" : "RHSA-2020:0866", "cpe" : "cpe:/a:redhat:openshift:4.3::el7", "package" : "openshift4/ose-template-service-broker-operator:v4.3.7-202003161611" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-1705\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-1705" ], "name" : "CVE-2020-1705", "csaw" : false }