CVE-2019-19355

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as...

CVE-2019-19355

CVE-2019-19355 affects openshift/ocp-release-operator-sdk (and is tied to openshift/ansible-operator-container in OpenShift 4). The vulnerability is an insecure modification flaw in /etc/passwd that could allow an attacker with container access to modify /etc/passwd and escalate privileges. Multi...

PT-2020-10147 · Red Hat · Openshift/Ocp-Release-Operator-Sdk +2

Name of the Vulnerable Software and Affected Versions: openshift/ocp-release-operator-sdk affected versions not specified openshift/ansible-operator-container as shipped in Openshift 4 affected versions not specified Description: An insecure modification vulnerability in the /etc/passwd file was...

Insecure File Permissions

github.com/openshift/ocp-release-operator-sdk configures an insecure file permission for /etc/passwd. Any local user is able to modify the contents within the /etc/passwd file. This allows an attacker to escalate privileges by creating a new user with higher privileges and switching to the new us...

CVE-2019-19355

An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...