CVE-2020-1690

EPSS 0.1%
Published 07.06.2021 20:15:07
Last modified 21.11.2024 05:11:10
Source secalert@redhat.com
Teams watchlist Login
Open Login

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Openstack-selinux Version < 0.8.24

Redhat ≫ Openstack Platform Version15.0

Redhat ≫ Openstack Platform Version16.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.248

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://bugzilla.redhat.com/show_bug.cgi?id=1789640

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-1690

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1690

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1690

EUVD