97 matches found
CVE-2025-57852 Openshift-ai: privilege escalation via excessive /etc/passwd permissions
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
CVE-2025-57852
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...
PT-2025-39995
Name of the Vulnerable Software and Affected Versions KServe ModelMesh container images affected versions not specified Description A container privilege escalation flaw exists due to the /etc/passwd file being created with group-writable permissions during the build process. An attacker with the...
Linux Distros Unpatched Vulnerability : CVE-2025-5791
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than...
CVE-2025-7195 Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
SUSE CVE-2025-5689
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...
GO-2025-3762 New authd users logging in via SSH are members of the root group in github.com/ubuntu/authd
New authd users logging in via SSH are members of the root group in github.com/ubuntu/authd...
Improper Access Control
github.com/ubuntu/authd is vulnerable to Improper Access Control. The vulnerability is due to flawed temporary user record handling due to a defect in pre-auth NSS where first-time logins are mistakenly treated as part of the root group during the SSH session...
CVE-2025-5689
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root group. An attacker can gain elevated privileges by authenticating as a new user through SSH...
Incorrect Privilege Assignment
Overview github.com/ubuntu/authd/internal/users is an authentication daemon for external Broker Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root grou...
GHSA-G8QW-MGJX-RWJR New authd users logging in via SSH are members of the root group
Impact When an authd user logs in via SSH for the first time meaning they do not yet exist in the authd user database and successfully authenticates via the configured broker, the user is considered a member of the root group in the context of that SSH session. This situation may allow the user t...
CVE-2025-5689
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...
CVE-2025-5689 Improper Permission Management in SSH Session Handling
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...
CVE-2025-5689 Improper Permission Management in SSH Session Handling
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...
CVE-2025-5689 Improper Permission Management in SSH Session Handling
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session...
Authd 安全漏洞
Authd is a cloud-based authentication daemon for identity providers in the Ubuntu open source. A security vulnerability exists in Authd versions prior to 0.5.4, which stems from a temporary user logging issue that could result in a user being incorrectly recognized as the root group...
PT-2025-25549 · Openssh · Openssh
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context...
SUSE CVE-2025-5791
A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list...
GHSA-JQ8X-V7JW-V675 Duplicate Advisory: users may append `root` to group listings
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references. Original Description A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group...