CVE-2020-1704 is a vulnerability in Red Hat Openshift Service Mesh
Published on February 17, 2020
An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.
Vulnerability Analysis
CVE-2020-1704 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2020-1704
Want to know whenever a new CVE is published for Red Hat Openshift Service Mesh? stack.watch will email you.
Affected Versions
Red Hat openshift-service-mesh/kiali-rhel7-operator Version All maistra versions before 1.0.8 is affected by CVE-2020-1704Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.