CVE Vulnerabilities

CVE-2020-1742

Incorrect Privilege Assignment

Published: Jun 07, 2021 | Modified: Nov 21, 2024
CVSS 3.x
7
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
4.4 MEDIUM
AV:L/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
7 MODERATE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu

An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Kubernetes-nmstate Nmstate * 2.3.0 (excluding)
RHEL-8-CNV-2.3 RedHat container-native-virtualization/kubevirt-cpu-model-nfd-plugin:v2.3.0-9 *
RHEL-8-CNV-2.3 RedHat container-native-virtualization/kubevirt-cpu-node-labeller:v2.3.0-9 *
RHEL-8-CNV-2.3 RedHat container-native-virtualization/kubevirt-kvm-info-nfd-plugin:v2.3.0-9 *

Potential Mitigations

References