Base Score

HIGH7

CVE-2020-1742

An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.

VectorLOCAL

Published Bysecalert@redhat.com

Published DateJun 07, 2021, 20:15

Affected Versions(1)

github.com/nmstate/kubernetes-nmstate(Go)

Introduced0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
github.com/nmstate/kubernetes-nmstate(Go)	0	N/A	N/A

Weakness Type (CWE):CWE-732

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://bugzilla.redhat.com/show_bug.cgi?id=1803608

Base Score

HIGH7

Weakness Type (CWE):CWE-732

CVSS Metrics

Base Score

Vector String

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

HIGH

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH