CVE-2019-19346 - OpenCVE

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Openshift

Configuration 1 [-]

OR	cpe:2.3:a:redhat:openshift::::::::
	cpe:2.3:a:redhat:openshift::::::::
	cpe:2.3:a:redhat:openshift::::::::
	cpe:2.3:a:redhat:openshift::::::::

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346	Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2020-04-02T19:12:29

Updated: 2020-04-02T19:12:29

Reserved: 2019-11-27T00:00:00

Link: CVE-2019-19346

JSON object: View

NVD Information

Status : Modified

Published: 2020-04-02T20:15:15.317

Modified: 2023-11-07T03:07:38.633

Link: CVE-2019-19346

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "openshift/mariadb-apb", "vendor": "Openshift Enterprise", "versions": [{"status": "affected", "version": "Fixed in 4.3.5-202003020549"}, {"status": "affected", "version": "Fixed in 4.2.21-202002240343"}, {"status": "affected", "version": "Fixed in 4.1.37-202003021622"}, {"status": "affected", "version": "Fixed in 3.11.188-4"}]}], "descriptions": [{"lang": "en", "value": "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-266", "description": "CWE-266", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-02T19:12:29", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-19346", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "openshift/mariadb-apb", "version": {"version_data": [{"version_value": "Fixed in 4.3.5-202003020549"}, {"version_value": "Fixed in 4.2.21-202002240343"}, {"version_value": "Fixed in 4.1.37-202003021622"}, {"version_value": "Fixed in 3.11.188-4"}]}}]}, "vendor_name": "Openshift Enterprise"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."}]}, "impact": {"cvss": [[{"vectorString": "7.0/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-266"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-19346", "datePublished": "2020-04-02T19:12:29", "dateReserved": "2019-11-27T00:00:00", "dateUpdated": "2020-04-02T19:12:29", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", "matchCriteriaId": "E99FF97F-2A6C-4589-996B-FACCAFAE56E3", "versionEndExcluding": "3.11.188-4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", "matchCriteriaId": "9F64F6AE-D8DF-490B-991F-F90D705945F5", "versionEndExcluding": "4.1.37", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", "matchCriteriaId": "E3A6C41B-575B-486E-AC21-429F507E1447", "versionEndExcluding": "4.2.21", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:*:*:*:*", "matchCriteriaId": "15747A3D-8D4B-42B6-A210-C9E533067A7B", "versionEndExcluding": "4.3.5", "versionStartIncluding": "4.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 . An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad de modificaci\u00f3n no segura en el archivo /etc/passwd en el contenedor openshift/mariadb-apb, que afecta a las versiones anteriores a las siguientes 4.3.5, 4.2.21, 4.1.37 y 3.11.188-4. Un atacante con acceso al contenedor podr\u00eda utilizar este fallo para modificar el archivo /etc/passwd y escalar sus privilegios."}], "id": "CVE-2019-19346", "lastModified": "2023-11-07T03:07:38.633", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2020-04-02T20:15:15.317", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19346"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-266"}], "source": "secalert@redhat.com", "type": "Secondary"}]}