3 matches found
CVE-2025-8766
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...
CVE-2025-8766
CVE-2025-8766 affects Noobaa-core container images (Multi-Cloud Object Gateway Core). The root cause is that /etc/passwd is created with group-writable permissions during build, allowing a non-root attacker with membership in the root group to modify /etc/passwd and create a user with any UID (in...
Security Bulletin: IBM DataPower Operator affected by flaw in Go (CVE-2022-23773)
Summary This is a build-time issue that does not affect product code, but may be flagged in customer scans. IBM has addressed the CVE. Vulnerability Details CVEID: CVE-2022-23773 DESCRIPTION: An unspecified error with not treating branches with semantic-version names as releases in cmd/go in Gola...