CVE-2020-1690
Last modified
CVE-2020-1690 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openstack-Selinux | < 0.8.24 |
| Redhat | Openstack Platform | 15.0 |
| Redhat | Openstack Platform | 16.1 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1789640Issue Tracking, Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1789640Issue Tracking, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-1690?
How severe is CVE-2020-1690?
How do I fix CVE-2020-1690?
Are you affected by CVE-2020-1690?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST