An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openshift_service_mesh | Redhat | * | 1.0.8 (excluding) |
Openshift Service Mesh 1.1 | RedHat | openshift-service-mesh/kiali-rhel7-operator:1.12.12-2 | * |
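
A defender-side check for the condition described above, added here as an example that is not part of the original advisory or of Red Hat's code: it reports whether `etc/passwd` under an unpacked image root filesystem can be written by anyone other than its expected owner. The advisory does not state the file's mode, so treating a non-root owner or group/world write bits as the indicator is an assumption; `audit_passwd`, `make_sample_rootfs` and the sample file content are hypothetical names and constructed data.

```python
import os
import stat
import tempfile


def audit_passwd(rootfs="/", expected_owner=0):
    """Return findings for <rootfs>/etc/passwd; an empty list means none.

    rootfs is the root of a running container ("/") or of an image
    unpacked on disk. expected_owner is the uid that should own the file.
    """
    path = os.path.join(rootfs, "etc/passwd")
    st = os.stat(path)  # follows symlinks, so the real target is audited
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if st.st_uid != expected_owner:
        findings.append(f"{path}: owned by uid {st.st_uid}, expected {expected_owner}")
    if mode & stat.S_IWGRP:
        # Assumption: any member of the owning group (st_gid) could edit
        # account entries, including the uid field of an existing user.
        findings.append(f"{path}: group-writable (mode {mode:04o}, gid {st.st_gid})")
    if mode & stat.S_IWOTH:
        findings.append(f"{path}: world-writable (mode {mode:04o})")
    return findings


def make_sample_rootfs(mode):
    """Build a constructed rootfs holding etc/passwd with the given mode."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    os.mkdir(os.path.join(root, "etc"))
    path = os.path.join(root, "etc", "passwd")
    with open(path, "w") as fh:
        fh.write("root:x:0:0:root:/root:/bin/bash\n")  # constructed sample
    os.chmod(path, mode)  # exact mode, independent of the umask
    return root


if __name__ == "__main__":
    me = os.getuid()  # the sample files are owned by whoever runs this
    for mode in (0o644, 0o664, 0o666):
        root = make_sample_rootfs(mode)
        result = audit_passwd(root, expected_owner=me)
        print(f"{mode:04o}:", result or "no findings")
```

Run against a real image by unpacking it to a directory and calling `audit_passwd(<that directory>)` with the default `expected_owner=0`.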