6.5

CVE-2020-1690

EPSS 0.1%
Veröffentlicht 07.06.2021 20:15:07
Zuletzt bearbeitet 21.11.2024 05:11:10
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Openstack-selinux Version < 0.8.24

Redhat ≫ Openstack Platform Version15.0

Redhat ≫ Openstack Platform Version16.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.285

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	4.9	3.9	6.9	AV:L/AC:L/Au:N/C:N/I:N/A:C

CWE-285 Improper Authorization

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

https://bugzilla.redhat.com/show_bug.cgi?id=1789640

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-1690

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-1690

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-1690

EUVD