Lucene search
K

97 matches found

Vulnrichment
Vulnrichment
added 2025/09/30 2:37 p.m.3 views

CVE-2025-57852 Openshift-ai: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

6.4CVSS7AI score0.00147EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/09/30 2:36 p.m.5 views

CVE-2025-57852

A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

5.2CVSS7.3AI score0.00147EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.6 views

PT-2025-39995

Name of the Vulnerable Software and Affected Versions KServe ModelMesh container images affected versions not specified Description A container privilege escalation flaw exists due to the /etc/passwd file being created with group-writable permissions during the build process. An attacker with the...

5.2CVSS7.1AI score0.00147EPSS
Exploits0References15
Tenable Nessus
Tenable Nessus
added 2025/08/19 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-5791

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than...

7.1CVSS5.8AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2025/08/07 7:5 p.m.3 views

CVE-2025-7195 Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...

6.4CVSS7.3AI score0.0022EPSS
Exploits0References31
SUSE CVE
SUSE CVE
added 2025/08/04 11:25 p.m.8 views

SUSE CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

8.5CVSS6.6AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2025/07/28 7:57 p.m.4 views

GO-2025-3762 New authd users logging in via SSH are members of the root group in github.com/ubuntu/authd

New authd users logging in via SSH are members of the root group in github.com/ubuntu/authd...

8.5CVSS6.2AI score0.00255EPSS
Exploits0References3
Veracode
Veracode
added 2025/06/20 10:27 a.m.7 views

Improper Access Control

github.com/ubuntu/authd is vulnerable to Improper Access Control. The vulnerability is due to flawed temporary user record handling due to a defect in pre-auth NSS where first-time logins are mistakenly treated as part of the root group during the SSH session...

8.5CVSS8.3AI score0.00255EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/06/18 12:19 p.m.5 views

CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

8.5CVSS8.3AI score0.00255EPSS
Exploits0References1
Snyk
Snyk
added 2025/06/16 4:1 p.m.2 views

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root group. An attacker can gain elevated privileges by authenticating as a new user through SSH...

8.5CVSS7.2AI score0.00255EPSS
Exploits0References2
Snyk
Snyk
added 2025/06/16 4:1 p.m.1 views

Incorrect Privilege Assignment

Overview github.com/ubuntu/authd/internal/users is an authentication daemon for external Broker Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root grou...

8.5CVSS7.2AI score0.00255EPSS
Exploits0References2
OSV
OSV
added 2025/06/16 4:1 p.m.10 views

GHSA-G8QW-MGJX-RWJR New authd users logging in via SSH are members of the root group

Impact When an authd user logs in via SSH for the first time meaning they do not yet exist in the authd user database and successfully authenticates via the configured broker, the user is considered a member of the root group in the context of that SSH session. This situation may allow the user t...

6.4CVSS6.9AI score0.00255EPSS
Exploits0References4
NVD
NVD
added 2025/06/16 12:15 p.m.13 views

CVE-2025-5689

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

8.5CVSS0.00255EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/16 11:37 a.m.5 views

CVE-2025-5689 Improper Permission Management in SSH Session Handling

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

8.5CVSS6.3AI score0.00255EPSS
Exploits0References1
OSV
OSV
added 2025/06/16 11:37 a.m.8 views

CVE-2025-5689 Improper Permission Management in SSH Session Handling

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

8.5CVSS6AI score0.00255EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/16 11:37 a.m.23 views

CVE-2025-5689 Improper Permission Management in SSH Session Handling

A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...

8.5CVSS0.00255EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/16 12:0 a.m.5 views

Authd 安全漏洞

Authd is a cloud-based authentication daemon for identity providers in the Ubuntu open source. A security vulnerability exists in Authd versions prior to 0.5.4, which stems from a temporary user logging issue that could result in a user being incorrectly recognized as the root group...

8.5CVSS6.5AI score0.00255EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.12 views

PT-2025-25549 · Openssh · Openssh

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context...

8.5CVSS5.9AI score0.00255EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2025/06/07 1:59 a.m.6 views

SUSE CVE-2025-5791

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...

7.1CVSS6.9AI score0.00166EPSS
Exploits0References10
OSV
OSV
added 2025/06/06 3:30 p.m.3 views

GHSA-JQ8X-V7JW-V675 Duplicate Advisory: users may append `root` to group listings

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references. Original Description A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group...

7.1CVSS5.7AI score0.00166EPSS
Exploits0References7
Rows per page
Query Builder