Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2020-1690

Published: Jun 07, 2021 | Modified: Jul 25, 2022
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVSS 2.x
4.9 MEDIUM
AV:L/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-1690
CWEhttps://cwe.mitre.org/data/definitions/NVD-Other.html

An improper authorization flaw was discovered in openstack-selinuxs applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.

Affected Software

Name Vendor Start Version End Version
Openstack-selinux Redhat * 0.8.24 (excluding)
Red Hat OpenStack Platform 16.1 RedHat openstack-selinux-0:0.8.24-1.20200914163011.26243bf.el8ost *

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use