Lucene search
Veracode Vulnerability DatabaseVERACODE:26936HistorySep 21, 2020 - 6:26 a.m.
Arbitrary Code Execution
2020-09-2106:26:44
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.001 Low
EPSS
Percentile
33.4%
gce-compute-image-packages is vulnerable to arbitrary code execution. The vulnerability exists through a privilege escalation flaw where a user with membership to the “docker” group is able to run docker and mount the host OS, and to modify /etc/groups to gain administrative privileges.
References
lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html
lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html
cloud.google.com/support/bulletins/#gcp-2020-008
github.com/GoogleCloudPlatform/guest-oslogin/pull/29
gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020
Related
debiancve
debiancve
CVE-2020-8907
2020-06-22 14:15:11
cvelist
cvelist
CVE-2020-8907 Priviged Escalation in Google Cloud Platform's Guest-OSLogin
2020-06-22 13:45:25
osv
osv
CVE-2020-8907
2020-06-22 14:15:11
cve
cve
CVE-2020-8907
2020-06-22 14:15:11
prion
prion
Design/Logic Flaw
2020-06-22 14:15:00
nvd
nvd
CVE-2020-8907
2020-06-22 14:15:11
ubuntucve
ubuntucve
CVE-2020-8907
2020-06-22 00:00:00
vulnrichment
vulnrichment
CVE-2020-8907 Priviged Escalation in Google Cloud Platform's Guest-OSLogin
2020-06-22 13:45:25
suse
suse
Security update for google-compute-engine (important)
2020-07-19 00:00:00
Security update for google-compute-engine (important)
2020-07-18 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:2200-1)
2021-06-09 00:00:00
nessus
nessus
openSUSE Security Update : google-compute-engine (openSUSE-2020-996)
2020-07-20 00:00:00
openSUSE Security Update : google-compute-engine (openSUSE-2020-1014)
2020-07-20 00:00:00