19 matches found
EUVD-2019-8975
Malware in sbrugna...
EUVD-2019-8973
Malware in sbrugna...
Privilege Escalation
github.com/operator-framework/operator-sdk is vulnerable to Privilege Escalation. The vulnerability is due to the usersetup script setting /etc/passwd to group-writable, allowing attackers to modify it and gain root privileges within the container...
GO-2025-3852 operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd in github.com/operator-framework/operator-sdk
operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd in github.com/operator-framework/operator-sdk...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to incorrect permissions set on the /etc/passwd file during the build process. An attacker can gain elevated privileges by modifying the /etc/passwd file if they have the ability to execute commands...
Security Bulletin: Multiple operator framework security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
Summary Golang Go is used by IBM Robotic Process Automation for Cloud Pak as part of the operator framework CVE-2022-2879, CVE-2022-2880, CVE-2022-41715, CVE-2022-41716, CVE-2022-41724, CVE-2022-41725, CVE-2023-24534, CVE-2023-24536, CVE-2023-24537, CVE-2023-24538. Containerd is used by IBM Robot...
ai.h2o:sparkling-water-core_2.11 (>=3.32.0.1-2-2.1 <=3.36.0.2-1-2.4), ai.h2o:sparkling-water-doc_2.11 (>=3.34.0.3-1-2.2 <=3.36.0.2-1-2.4) +253 more potentially affected by CVE-2021-20218 via io.fabric8:kubernetes-client (>=4.2.0 <=4.7.1)
io.fabric8:kubernetes-client MAVEN version =4.2.0, =3.32.0.1-2-2.1, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =3.34.0.3-1-2.2, =0.0.1, =1.9.51, =1.1.1, =7.4.1, =7.4.1play2.6, =23.1.0play2.7, =0.0.1, =0.0.1, =0.3.6, =0.2.0, =0.2.0, =0.3.9 and more Source cves: CVE-2021-20218 Source advisory: OSV:GHSA-JWH...
Low: Red Hat Enhancement Advisory: ACS 3.62 enhancement update
Red Hat Advanced Cluster security releases a new Operator to simplify installation and accelerate security use cases. To accelerate implementation of security use cases the Red Hat Advanced Cluster security team has released a new Operator as the primary source of installation on OpenShift 4.6 an...
CVE-2019-19352
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
CVE-2019-19352
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
CVE-2019-19354
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
Design/Logic Flaw
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
CVE-2019-19354
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
CVE-2019-19352
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto as shipped in Red Hat Openshift 4. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
PT-2021-9024 · Red Hat · Red Hat Openshift
Name of the Vulnerable Software and Affected Versions: Red Hat Openshift 4 affected versions not specified Description: An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop. An attacker with access to the container could use this flaw to modify...
PT-2021-9022 · Red Hat · Operator-Framework/Presto
Name of the Vulnerable Software and Affected Versions: operator-framework/presto as shipped in Red Hat Openshift 4 affected versions not specified Description: The issue is related to an insecure modification vulnerability in the /etc/passwd file. An attacker with access to the container could...
CVE-2019-19352
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/presto. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
CVE-2019-19353
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hive. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
CVE-2019-19354
An insecure modification vulnerability in the /etc/passwd file was found in the operator-framework/hadoop. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...