First published: Mon Feb 17 2020(Updated: )
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Redhat Openshift Service Mesh | <1.0.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2020-1704.
The severity level of CVE-2020-1704 is high.
The affected software of CVE-2020-1704 is Redhat Openshift Service Mesh before version 1.0.8.
The Common Weakness Enumeration (CWE) number for CVE-2020-1704 is 732 and 266.
To fix the insecure modification vulnerability, update OpenShift ServiceMesh to version 1.0.8 or later.