Lucene search
+L

11 matches found

euvd
euvd
added 2025/12/02 9:31 p.m.5 views

EUVD-2025-200300

A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

5.2CVSS6.8AI score0.00167EPSS
Exploits0References3
nvd
nvd
added 2025/12/02 7:15 p.m.6 views

CVE-2025-57850

A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

6.4CVSS0.00167EPSS
Exploits0References2
cvelist
cvelist
added 2025/12/02 6:53 p.m.19 views

CVE-2025-57850 Codeready-ws: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain CodeReady Workspaces images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a...

6.4CVSS0.00167EPSS
Exploits0References2
cve
cve
added 2025/12/02 6:53 p.m.13 views

CVE-2025-57850

CVE-2025-57850 describes a container privilege escalation in CodeReady Workspaces images. The root cause is that the build process creates /etc/passwd with group-writable permissions, enabling a container user (even non-root) to leverage membership in the root group to modify /etc/passwd and add ...

6.4CVSS6.9AI score0.00167EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-6509

Malware in sbrugna...

7.1CVSS6.9AI score0.00507EPSS
Exploits1References2
osv
osv
added 2020/12/14 9:15 p.m.16 views

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

7.1CVSS6.9AI score
Exploits0References1
nvd
nvd
added 2020/12/14 9:15 p.m.26 views

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

7.1CVSS7AI score0.00507EPSS
Exploits1References1
prion
prion
added 2020/12/14 9:15 p.m.17 views

Cross site request forgery (csrf)

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

4.6CVSS7AI score0.00507EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2020/12/14 8:5 p.m.40 views

CVE-2020-14368

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces. When configured with cookies authentication, Theia IDE doesn't properly set the SameSite value, allowing a Cross-Site Request Forgery CSRF and consequently allowing a cross-site WebSocket hijack on Thei...

7.1AI score0.00507EPSS
Exploits1References1
cve
cve
added 2020/12/14 8:5 p.m.62 views

CVE-2020-14368

CVE-2020-14368 affects Eclipse Che (versions prior to 7.14.0) when cookie-based authentication is configured, enabling CSRF due to Theia IDE not setting SameSite correctly and enabling a cross-site WebSocket hijack on the /services endpoint. Attack scenario involves MITM and tricking the user int...

7.1CVSS7AI score0.00507EPSS
Exploits1References1Affected Software1
redhat
redhat
added 2020/04/14 7:26 p.m.92 views

Moderate: Red Hat Security Advisory: Red Hat CodeReady Workspaces 2.1.0 release

Red Hat CodeReady Workspaces 2.1.0 has been released. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...

9.3CVSS6.7AI score0.34007EPSS
Exploits3References14
Rows per page
Query Builder