6.4
CVE-2025-8766
- EPSS 0.16%
- Veröffentlicht 13.03.2026 02:48:19
- Zuletzt bearbeitet 09.07.2026 16:16:33
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Openshift Data Foundation Version4.0
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.059 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.4 | 0.5 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| secalert@redhat.com | 6.4 | 0.5 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 6.4 | 0.5 | 5.9 |
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-276 Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
https://bugzilla.redhat.com/show_bug.cgi?id=2387265
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-8766.json
https://access.redhat.com/errata/RHSA-2026:37387
https://access.redhat.com/security/cve/CVE-2025-8766