Vulnerabilities
Vulnerable Software
Redhat:  >> Openshift  >> 4.0  Security Vulnerabilities
An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.
CVSS Score
7.0
EPSS Score
0.001
Published
2020-03-18
An insecure modification vulnerability in the /etc/passwd file was found in the openshift/ocp-release-operator-sdk. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/ansible-operator-container as shipped in Openshift 4.
CVSS Score
7.0
EPSS Score
0.001
Published
2020-03-18
During installation of an OpenShift 4 cluster, the `openshift-install` command line tool creates an `auth` directory, with `kubeconfig` and `kubeadmin-password` files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable.
CVSS Score
4.4
EPSS Score
0.001
Published
2020-03-18


Contact Us

Shodan ® - All rights reserved