5 matches found
📄 Below Symlink Privilege Escalation
This Python script demonstrates a potential privilege escalation technique related to CVE-2025-27591, leveraging symbolic link symlink manipulation in a logging directory used by the below utility. Versions prior to 0.9.0 are affected...
CVE-2025-8766
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container,...
The vulnerability of the CRI-O Container Engine’s application programming interface allows a attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the CRI-O Container Engine’s application programming interface, a software platform for managing clusters of virtual machines in Kubernetes, stems from the ability to add arbitrary strings to the /etc/passwd file using a specially created environment variable. Exploiting this...
SUSE CVE-2015-3246
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service inconsistent file state by causing an error during the modification. NOTE: this issue can be combined wi...
PT-2021-9022 · Red Hat · Operator-Framework/Presto
Name of the Vulnerable Software and Affected Versions: operator-framework/presto as shipped in Red Hat Openshift 4 affected versions not specified Description: The issue is related to an insecure modification vulnerability in the /etc/passwd file. An attacker with access to the container could...