CVE-2020-1742
07.06.2021, 20:15
An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.Enginsight
| Vendor | Product | Version |
|---|---|---|
| nmstate | kubernetes-nmstate | 𝑥 < 2.3.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-266 - Incorrect Privilege AssignmentA product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
- CWE-732 - Incorrect Permission Assignment for Critical ResourceThe product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.