Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-1690

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.

Published

2021-06-07T20:15:07.843

Last Modified

2024-11-21T05:11:10.473

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

6.9

Weaknesses

Type: Secondary
CWE-285
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	redhat	openstack-selinux	< 0.8.24	Yes
Application	redhat	openstack_platform	15.0	Yes
Application	redhat	openstack_platform	16.1	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=1789640 Issue Tracking, Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1789640 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)