An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openjdk | Oracle | 1.8.0 (including) | 1.8.0 (including) |
Openjdk | Oracle | 11 (including) | 11 (including) |
Red Hat Build of OpenJDK | RedHat | openjdk/openjdk-11-rhel7 | * |
Red Hat Build of OpenJDK | RedHat | ubi8/openjdk-11 | * |
Red Hat Build of OpenJDK | RedHat | redhat-openjdk-18/openjdk18-openshift | * |
Red Hat Build of OpenJDK | RedHat | ubi8/openjdk-8 | * |
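
A way to check an image for the permission weakness described above. This is an added example, not code from the advisory or the vendor. It assumes the image has been unpacked to a directory (the `ROOT` argument), and the list of account files and the `INSECURE` output format are choices made for this illustration. It flags any group- or world-write bit, without assuming which bit the affected images set.

```shell
#!/bin/sh
# Added example: audit the account databases of an unpacked container root
# filesystem for write permission granted to anyone other than the owner.
# The file list and the output format are assumptions of this example.

ACCOUNT_FILES="etc/passwd etc/group etc/shadow"

# writable_by_others PATH
# Succeeds when PATH has the group-write or the world-write bit set.
writable_by_others() {
    # -prune stops find from descending; each -perm -NNN tests a single bit.
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# audit_rootfs [ROOT]
# Prints one "INSECURE <path> <mode>" line per finding and returns the
# number of findings as the exit status (0 means nothing was flagged).
audit_rootfs() {
    root=${1:-/}
    findings=0
    for rel in $ACCOUNT_FILES; do
        path="${root%/}/$rel"
        # Symlinks are skipped: their own mode bits are meaningless and an
        # absolute target would resolve against the host, not the image.
        [ -L "$path" ] && continue
        [ -f "$path" ] || continue
        if writable_by_others "$path"; then
            echo "INSECURE $path $(ls -ld "$path" | cut -d' ' -f1)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

Run `audit_rootfs /path/to/unpacked/rootfs` against an extracted image, or `audit_rootfs` with no argument inside a running container. A non-zero exit status can fail an image build or a CI gate.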