What is the vulnerability ID of this security flaw?

The vulnerability ID of this security flaw is CVE-2020-1690.

What is the severity level of CVE-2020-1690?

CVE-2020-1690 has a severity level of medium.

What is the affected software by CVE-2020-1690?

The affected software by CVE-2020-1690 includes openstack-selinux version 0.8.24, Redhat Openstack-selinux version up to exclusive 0.8.24, Redhat Openstack Platform version 15.0, and Redhat Openstack Platform version 16.1.

How can the vulnerability be fixed?

To fix CVE-2020-1690, it is recommended to apply the remedy version 0.8.24 for openstack-selinux or upgrade to a higher version of Redhat Openstack Platform.

Is there any reference for more information about CVE-2020-1690?

Yes, you can find more information about CVE-2020-1690 at the following references: [Bugzilla Bug 1789640](https://bugzilla.redhat.com/show_bug.cgi?id=1789640) and [Bugzilla Bug 1738134](https://bugzilla.redhat.com/show_bug.cgi?id=1738134).

Vulnerability/
CVE-2020-1690

medium

6.5

CWE

285

10/1/2020

7/6/2021

4/8/2024

CVE-2020-1690

First published: Fri Jan 10 2020(Updated: )

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/openstack-selinux	<0.8.24	0.8.24
Redhat Openstack-selinux	<0.8.24
Redhat Openstack Platform	=15.0
Redhat Openstack Platform	=16.1

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID of this security flaw?
The vulnerability ID of this security flaw is CVE-2020-1690.
What is the severity level of CVE-2020-1690?
CVE-2020-1690 has a severity level of medium.
What is the affected software by CVE-2020-1690?
The affected software by CVE-2020-1690 includes openstack-selinux version 0.8.24, Redhat Openstack-selinux version up to exclusive 0.8.24, Redhat Openstack Platform version 15.0, and Redhat Openstack Platform version 16.1.
How can the vulnerability be fixed?
To fix CVE-2020-1690, it is recommended to apply the remedy version 0.8.24 for openstack-selinux or upgrade to a higher version of Redhat Openstack Platform.
Is there any reference for more information about CVE-2020-1690?
Yes, you can find more information about CVE-2020-1690 at the following references: [Bugzilla Bug 1789640](https://bugzilla.redhat.com/show_bug.cgi?id=1789640) and [Bugzilla Bug 1738134](https://bugzilla.redhat.com/show_bug.cgi?id=1738134).

collector/nvd-index
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/author
agent/severity
agent/references
agent/weakness
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-1690
agent/software-canonical-lookup
agent/tags
agent/event
collector/mitre-cve
source/MITRE
vendor/redhat
canonical/redhat openstack-selinux
canonical/redhat openstack platform
version/redhat openstack platform/15.0
version/redhat openstack platform/16.1
package-manager/redhat

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.