18 matches found
EUVD-2025-23951
Malicious code in bioql PyPI...
SUSE CVE-2025-7195
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
CVE-2025-7195
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
CVE-2025-7195 Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
CVE-2025-7195 Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
CVE-2025-7195
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
CVE-2025-7195
Technical details about CVE-2025-7195 are not publicly available in the provided documents; monitor for updates.
CVE-2025-7195
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, usersetup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used...
PT-2025-32307
Name of the Vulnerable Software and Affected Versions: Operator-SDK versions prior to 0.15.2. Description: Early versions of Operator-SDK included an insecure method for operator containers to run in environments utilizing a random UID. A script, user setup, modified the permissions of the /etc/pass...
operator-sdk-1.39.0-1.1 on GA media (moderate)
operator-sdk-1.39.0-1.1 on GA media. Announcement ID: openSUSE-SU-2025:14634-1. Rating: moderate. Cross-References: CVE-2024-45338, CVE-2025-21614. CVSS scores: CVE-2024-45338 SUSE: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H; CVE-2024-45338 SUSE: 8.2...
OPENSUSE-SU-2025:14634-1 operator-sdk-1.39.0-1.1 on GA media
These are all security issues fixed in the operator-sdk-1.39.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2019-19355
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as...
CVE-2019-19355
CVE-2019-19355 affects openshift/ocp-release-operator-sdk (and is tied to openshift/ansible-operator-container in OpenShift 4). The vulnerability is an insecure modification flaw in /etc/passwd that could allow an attacker with container access to modify /etc/passwd and escalate privileges. Multi...
PT-2020-10147 · Red Hat · Openshift/Ocp-Release-Operator-Sdk +2
Name of the Vulnerable Software and Affected Versions: openshift/ocp-release-operator-sdk (affected versions not specified); openshift/ansible-operator-container as shipped in Openshift 4 (affected versions not specified). Description: An insecure modification vulnerability in the /etc/passwd file was...
Insecure File Permissions
github.com/openshift/ocp-release-operator-sdk configures an insecure file permission for /etc/passwd. Any local user is able to modify the contents within the /etc/passwd file. This allows an attacker to escalate privileges by creating a new user with higher privileges and switching to the new us...
CVE-2019-19355
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges...
CVE-2019-11324
The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use o...