cve-2020-1742
Vulnerability from cvelistv5
Published: 2021-06-07 19:52
Modified: 2024-08-04 06:46
Summary
An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.
References
Source | URL | Tags
---|---|---
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1803608 | Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1803608 | Exploit, Issue Tracking, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
n/a | nmstate/kubernetes-nmstate-handler | kubernetes-nmstate-handler-container-v2.3.0-30
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T06:46:30.869Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "nmstate/kubernetes-nmstate-handler", "vendor": "n/a", "versions": [ { "status": "affected", "version": "kubernetes-nmstate-handler-container-v2.3.0-30" } ] } ], "descriptions": [ { "lang": "en", "value": "An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-07T19:52:30", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "nmstate/kubernetes-nmstate-handler", "version": { "version_data": [ { "version_value": "kubernetes-nmstate-handler-container-v2.3.0-30" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. 
An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-266" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2020-1742", "datePublished": "2021-06-07T19:52:30", "dateReserved": "2019-11-27T00:00:00", "dateUpdated": "2024-08-04T06:46:30.869Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "fkie_nvd": { "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:nmstate:kubernetes-nmstate:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.3.0\", \"matchCriteriaId\": \"C3437850-22E6-4D92-A83A-82947F91A2B0\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_virtualization:2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81FC5D81-27C6-4993-A728-3F44C1DA6629\"}]}]}]", "descriptions": "[{\"lang\": \"en\", \"value\": \"An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.\"}, {\"lang\": \"es\", \"value\": \"Se ha encontrado un fallo de vulnerabilidad de modificaci\\u00f3n no segura en los contenedores que usan nmstate/kubernetes-nmstate-handler. 
Un atacante con acceso al contenedor podr\\u00eda usar este fallo para modificar el par\\u00e1metro /etc/passwd y escalar sus privilegios. Las versiones anteriores a kubernetes-nmstate-handler-container-v2.3.0-30 est\\u00e1n afectadas\"}]", "id": "CVE-2020-1742", "lastModified": "2024-11-21T05:11:17.363", "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}", "published": "2021-06-07T20:15:08.037", "references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1803608\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1803608\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Third Party Advisory\"]}]", "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": 
"[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-266\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-732\"}]}]" }, "nvd": "{\"cve\":{\"id\":\"CVE-2020-1742\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-06-07T20:15:08.037\",\"lastModified\":\"2024-11-21T05:11:17.363\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.\"},{\"lang\":\"es\",\"value\":\"Se ha encontrado un fallo de vulnerabilidad de modificaci\u00f3n no segura en los contenedores que usan nmstate/kubernetes-nmstate-handler. Un atacante con acceso al contenedor podr\u00eda usar este fallo para modificar el par\u00e1metro /etc/passwd y escalar sus privilegios. 
Las versiones anteriores a kubernetes-nmstate-handler-container-v2.3.0-30 est\u00e1n afectadas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-266\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nmstate:kubernetes-nmstate:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.3.0\",\"matchCriteriaId\":\"C3437850-22E6-4D92-A83A-82947F91A2B0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_virtualization:2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81FC5D81-27C6-4993-A728-3F44C1DA6629\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/
show_bug.cgi?id=1803608\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1803608\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]}]}}" } }
RHEA-2020:2011
Vulnerability from csaf_redhat
Published: 2020-05-04 19:09
Modified: 2024-11-22 14:13
Summary
Red Hat Enhancement Advisory: CNV 2.3.0 Images
Notes
Topic
Container-native virtualization release 2.3.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Details
Container-native virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following container-native virtualization 2.3.0 images:
RHEL-7-CNV-2.3
==============
kubevirt-ssp-operator-container-v2.3.0-42
RHEL-8-CNV-2.3
==============
hostpath-provisioner-operator-container-v2.3.0-13
kubevirt-cpu-node-labeller-container-v2.3.0-9
kubevirt-metrics-collector-container-v2.3.0-9
kubevirt-template-validator-container-v2.3.0-10
virtio-win-container-v2.3.0-8
node-maintenance-operator-container-v2.3.0-10
hostpath-provisioner-container-v2.3.0-12
kubevirt-kvm-info-nfd-plugin-container-v2.3.0-9
bridge-marker-container-v2.3.0-29
cnv-containernetworking-plugins-container-v2.3.0-30
kubemacpool-container-v2.3.0-28
kubevirt-cpu-model-nfd-plugin-container-v2.3.0-9
kubernetes-nmstate-handler-container-v2.3.0-30
ovs-cni-marker-container-v2.3.0-29
cluster-network-addons-operator-container-v2.3.0-28
ovs-cni-plugin-container-v2.3.0-28
kubevirt-v2v-conversion-container-v2.3.0-11
kubevirt-vmware-container-v2.3.0-11
virt-operator-container-v2.3.0-39
virt-controller-container-v2.3.0-39
virt-handler-container-v2.3.0-39
virt-api-container-v2.3.0-39
virt-launcher-container-v2.3.0-39
virt-cdi-cloner-container-v2.3.0-41
virt-cdi-operator-container-v2.3.0-41
virt-cdi-apiserver-container-v2.3.0-41
virt-cdi-uploadproxy-container-v2.3.0-41
virt-cdi-controller-container-v2.3.0-41
virt-cdi-importer-container-v2.3.0-41
virt-cdi-uploadserver-container-v2.3.0-41
hyperconverged-cluster-operator-container-v2.3.0-61
cnv-must-gather-container-v2.3.0-45
hco-bundle-registry-container-v2.3.0-174
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Container-native virtualization release 2.3.0 is now available with updates to packages and images that fix several bugs and add enhancements.", "title": "Topic" }, { "category": "general", "text": "Container-native virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following container-native virtualization 2.3.0 images:\n\nRHEL-7-CNV-2.3\n==============\nkubevirt-ssp-operator-container-v2.3.0-42\n\nRHEL-8-CNV-2.3\n==============\nhostpath-provisioner-operator-container-v2.3.0-13\nkubevirt-cpu-node-labeller-container-v2.3.0-9\nkubevirt-metrics-collector-container-v2.3.0-9\nkubevirt-template-validator-container-v2.3.0-10\nvirtio-win-container-v2.3.0-8\nnode-maintenance-operator-container-v2.3.0-10\nhostpath-provisioner-container-v2.3.0-12\nkubevirt-kvm-info-nfd-plugin-container-v2.3.0-9\nbridge-marker-container-v2.3.0-29\ncnv-containernetworking-plugins-container-v2.3.0-30\nkubemacpool-container-v2.3.0-28\nkubevirt-cpu-model-nfd-plugin-container-v2.3.0-9\nkubernetes-nmstate-handler-container-v2.3.0-30\novs-cni-marker-container-v2.3.0-29\ncluster-network-addons-operator-container-v2.3.0-28\novs-cni-plugin-container-v2.3.0-28\nkubevirt-v2v-conversion-container-v2.3.0-11\nkubevirt-vmware-container-v2.3.0-11\nvirt-operator-container-v2.3.0-39\nvirt-controller-container-v2.3.0-39\nvirt-handler-container-v2.3.0-39\nvirt-api-container-v2.3.0-39\nvirt-launcher-container-v2.3.0-39\nvirt-cdi-cloner-container-v2.3.0-41\nvirt-cdi-operator-container-v2.3.0-41\nvirt-cdi-apiserver-container-v2.3.0-
41\nvirt-cdi-uploadproxy-container-v2.3.0-41\nvirt-cdi-controller-container-v2.3.0-41\nvirt-cdi-importer-container-v2.3.0-41\nvirt-cdi-uploadserver-container-v2.3.0-41\nhyperconverged-cluster-operator-container-v2.3.0-61\ncnv-must-gather-container-v2.3.0-45\nhco-bundle-registry-container-v2.3.0-174", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHEA-2020:2011", "url": "https://access.redhat.com/errata/RHEA-2020:2011" }, { "category": "external", "summary": "1712429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712429" }, { "category": "external", "summary": "1713378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713378" }, { "category": "external", "summary": "1722850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1722850" }, { "category": "external", "summary": "1729761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1729761" }, { "category": "external", "summary": "1739149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739149" }, { "category": "external", "summary": "1745998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1745998" }, { "category": "external", "summary": "1753243", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1753243" }, { "category": "external", "summary": "1757784", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1757784" }, { "category": "external", "summary": "1765221", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765221" }, { "category": "external", "summary": "1769593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769593" }, { "category": "external", "summary": "1769595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769595" }, { "category": "external", "summary": "1770339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770339" }, { "category": "external", "summary": "1781293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781293" }, { "category": "external", "summary": "1781512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781512" }, { "category": "external", "summary": "1782241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782241" }, { "category": "external", "summary": "1783343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783343" }, { "category": "external", "summary": "1789093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789093" }, { "category": "external", "summary": "1793603", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793603" }, { "category": "external", "summary": "1794050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1794050" }, { "category": "external", "summary": "1795227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795227" }, { "category": "external", "summary": "1796796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796796" }, { "category": "external", "summary": "1798487", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798487" }, { "category": "external", "summary": "1799016", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799016" }, { "category": "external", "summary": "1799055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799055" }, { "category": "external", "summary": "1800714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800714" }, { "category": "external", "summary": 
"1800792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800792" }, { "category": "external", "summary": "1801297", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801297" }, { "category": "external", "summary": "1802001", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802001" }, { "category": "external", "summary": "1802120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802120" }, { "category": "external", "summary": "1802126", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802126" }, { "category": "external", "summary": "1803220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803220" }, { "category": "external", "summary": "1804102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804102" }, { "category": "external", "summary": "1805204", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805204" }, { "category": "external", "summary": "1805627", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805627" }, { "category": "external", "summary": "1806115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806115" }, { "category": "external", "summary": "1807572", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807572" }, { "category": "external", "summary": "1807804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807804" }, { "category": "external", "summary": "1807820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807820" }, { "category": "external", "summary": "1809872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809872" }, { "category": "external", "summary": "1810493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810493" }, { "category": "external", "summary": "1812710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812710" }, { "category": "external", "summary": "1812856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812856" }, { "category": "external", "summary": "1812970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812970" }, { "category": 
"external", "summary": "1813106", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813106" }, { "category": "external", "summary": "1813350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813350" }, { "category": "external", "summary": "1815145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815145" }, { "category": "external", "summary": "1816778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816778" }, { "category": "external", "summary": "1817057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817057" }, { "category": "external", "summary": "1819288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819288" }, { "category": "external", "summary": "1819700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819700" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhea-2020_2011.json" } ], "title": "Red Hat Enhancement Advisory: CNV 2.3.0 Images", "tracking": { "current_release_date": "2024-11-22T14:13:17+00:00", "generator": { "date": "2024-11-22T14:13:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHEA-2020:2011", "initial_release_date": "2020-05-04T19:09:59+00:00", "revision_history": [ { "date": "2020-05-04T19:09:59+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-05-04T19:09:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T14:13:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 2.3 for RHEL 8", "product": { "name": "CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:2.3::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", 
"name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "product": { "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "product_id": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-model-nfd-plugin\u0026tag=v2.3.0-9" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "product": { "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "product_id": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-node-labeller\u0026tag=v2.3.0-9" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "product": { "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "product_id": 
"container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-kvm-info-nfd-plugin\u0026tag=v2.3.0-9" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64 as a component of CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64" }, "product_reference": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "relates_to_product_reference": "8Base-CNV-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64 as a component of CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64" }, "product_reference": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "relates_to_product_reference": "8Base-CNV-2.3" }, { "category": "default_component_of", "full_product_name": { "name": 
"container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64 as a component of CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" }, "product_reference": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "relates_to_product_reference": "8Base-CNV-2.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1701", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2020-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1792092" } ], "notes": [ { "category": "description", "text": "A flaw was found in the KubeVirt main virt-handler regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.", "title": "Vulnerability description" }, { "category": "summary", "text": "virt-handler: virt-handler daemonset clusterroles allows retrieval of secrets", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", 
"8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1701" }, { "category": "external", "summary": "RHBZ#1792092", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792092" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1701", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1701" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1701", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1701" } ], "release_date": "2020-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-04T19:09:59+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2020:2011" }, { "category": "workaround", "details": "This issue can only be resolved by applying updates.\nMitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ 
"8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "virt-handler: virt-handler daemonset clusterroles allows retrieval of secrets" }, { "acknowledgments": [ { "names": [ "Joseph LaMagna-Reiter" ], "organization": "SPR Inc." } ], "cve": "CVE-2020-1742", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2019-11-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1803608" } ], "notes": [ { "category": "description", "text": "An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. 
An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "nmstate/kubernetes-nmstate-handler: /etc/passwd is given incorrect privileges", "title": "Vulnerability summary" }, { "category": "other", "text": "By default this vulnerability is not exploitable in un-privilieged containers running on OpenShift Container Platform. This is because the system call SETUID and SETGID is blocked by the default seccomp policy.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1742" }, { "category": "external", "summary": "RHBZ#1803608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608" }, { "category": "external", "summary": "RHSB-4859371", "url": "https://access.redhat.com/articles/4859371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1742", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1742" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1742", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-1742" } ], "release_date": "2020-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-04T19:09:59+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2020:2011" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nmstate/kubernetes-nmstate-handler: /etc/passwd is given 
incorrect privileges" } ] }
rhea-2020:2011
Vulnerability from csaf_redhat
Published
2020-05-04 19:09
Modified
2024-11-22 14:13
Summary
Red Hat Enhancement Advisory: CNV 2.3.0 Images
Notes
Topic
Container-native virtualization release 2.3.0 is now available with updates to packages and images that fix several bugs and add enhancements.
Details
Container-native virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.
This advisory contains the following container-native virtualization 2.3.0 images:
RHEL-7-CNV-2.3
==============
kubevirt-ssp-operator-container-v2.3.0-42
RHEL-8-CNV-2.3
==============
hostpath-provisioner-operator-container-v2.3.0-13
kubevirt-cpu-node-labeller-container-v2.3.0-9
kubevirt-metrics-collector-container-v2.3.0-9
kubevirt-template-validator-container-v2.3.0-10
virtio-win-container-v2.3.0-8
node-maintenance-operator-container-v2.3.0-10
hostpath-provisioner-container-v2.3.0-12
kubevirt-kvm-info-nfd-plugin-container-v2.3.0-9
bridge-marker-container-v2.3.0-29
cnv-containernetworking-plugins-container-v2.3.0-30
kubemacpool-container-v2.3.0-28
kubevirt-cpu-model-nfd-plugin-container-v2.3.0-9
kubernetes-nmstate-handler-container-v2.3.0-30
ovs-cni-marker-container-v2.3.0-29
cluster-network-addons-operator-container-v2.3.0-28
ovs-cni-plugin-container-v2.3.0-28
kubevirt-v2v-conversion-container-v2.3.0-11
kubevirt-vmware-container-v2.3.0-11
virt-operator-container-v2.3.0-39
virt-controller-container-v2.3.0-39
virt-handler-container-v2.3.0-39
virt-api-container-v2.3.0-39
virt-launcher-container-v2.3.0-39
virt-cdi-cloner-container-v2.3.0-41
virt-cdi-operator-container-v2.3.0-41
virt-cdi-apiserver-container-v2.3.0-41
virt-cdi-uploadproxy-container-v2.3.0-41
virt-cdi-controller-container-v2.3.0-41
virt-cdi-importer-container-v2.3.0-41
virt-cdi-uploadserver-container-v2.3.0-41
hyperconverged-cluster-operator-container-v2.3.0-61
cnv-must-gather-container-v2.3.0-45
hco-bundle-registry-container-v2.3.0-174
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Container-native virtualization release 2.3.0 is now available with updates to packages and images that fix several bugs and add enhancements.", "title": "Topic" }, { "category": "general", "text": "Container-native virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following container-native virtualization 2.3.0 images:\n\nRHEL-7-CNV-2.3\n==============\nkubevirt-ssp-operator-container-v2.3.0-42\n\nRHEL-8-CNV-2.3\n==============\nhostpath-provisioner-operator-container-v2.3.0-13\nkubevirt-cpu-node-labeller-container-v2.3.0-9\nkubevirt-metrics-collector-container-v2.3.0-9\nkubevirt-template-validator-container-v2.3.0-10\nvirtio-win-container-v2.3.0-8\nnode-maintenance-operator-container-v2.3.0-10\nhostpath-provisioner-container-v2.3.0-12\nkubevirt-kvm-info-nfd-plugin-container-v2.3.0-9\nbridge-marker-container-v2.3.0-29\ncnv-containernetworking-plugins-container-v2.3.0-30\nkubemacpool-container-v2.3.0-28\nkubevirt-cpu-model-nfd-plugin-container-v2.3.0-9\nkubernetes-nmstate-handler-container-v2.3.0-30\novs-cni-marker-container-v2.3.0-29\ncluster-network-addons-operator-container-v2.3.0-28\novs-cni-plugin-container-v2.3.0-28\nkubevirt-v2v-conversion-container-v2.3.0-11\nkubevirt-vmware-container-v2.3.0-11\nvirt-operator-container-v2.3.0-39\nvirt-controller-container-v2.3.0-39\nvirt-handler-container-v2.3.0-39\nvirt-api-container-v2.3.0-39\nvirt-launcher-container-v2.3.0-39\nvirt-cdi-cloner-container-v2.3.0-41\nvirt-cdi-operator-container-v2.3.0-41\nvirt-cdi-apiserver-container-v2.3.0-
41\nvirt-cdi-uploadproxy-container-v2.3.0-41\nvirt-cdi-controller-container-v2.3.0-41\nvirt-cdi-importer-container-v2.3.0-41\nvirt-cdi-uploadserver-container-v2.3.0-41\nhyperconverged-cluster-operator-container-v2.3.0-61\ncnv-must-gather-container-v2.3.0-45\nhco-bundle-registry-container-v2.3.0-174", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHEA-2020:2011", "url": "https://access.redhat.com/errata/RHEA-2020:2011" }, { "category": "external", "summary": "1712429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712429" }, { "category": "external", "summary": "1713378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713378" }, { "category": "external", "summary": "1722850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1722850" }, { "category": "external", "summary": "1729761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1729761" }, { "category": "external", "summary": "1739149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739149" }, { "category": "external", "summary": "1745998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1745998" }, { "category": "external", "summary": "1753243", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1753243" }, { "category": "external", "summary": "1757784", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1757784" }, { "category": "external", "summary": "1765221", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765221" }, { "category": "external", "summary": "1769593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769593" }, { "category": "external", "summary": "1769595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769595" }, { "category": "external", "summary": "1770339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770339" }, { "category": "external", "summary": "1781293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781293" }, { "category": "external", "summary": "1781512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781512" }, { "category": "external", "summary": "1782241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782241" }, { "category": "external", "summary": "1783343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783343" }, { "category": "external", "summary": "1789093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789093" }, { "category": "external", "summary": "1793603", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793603" }, { "category": "external", "summary": "1794050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1794050" }, { "category": "external", "summary": "1795227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795227" }, { "category": "external", "summary": "1796796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796796" }, { "category": "external", "summary": "1798487", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798487" }, { "category": "external", "summary": "1799016", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799016" }, { "category": "external", "summary": "1799055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799055" }, { "category": "external", "summary": "1800714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800714" }, { "category": "external", "summary": 
"1800792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800792" }, { "category": "external", "summary": "1801297", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801297" }, { "category": "external", "summary": "1802001", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802001" }, { "category": "external", "summary": "1802120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802120" }, { "category": "external", "summary": "1802126", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802126" }, { "category": "external", "summary": "1803220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803220" }, { "category": "external", "summary": "1804102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804102" }, { "category": "external", "summary": "1805204", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805204" }, { "category": "external", "summary": "1805627", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805627" }, { "category": "external", "summary": "1806115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806115" }, { "category": "external", "summary": "1807572", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807572" }, { "category": "external", "summary": "1807804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807804" }, { "category": "external", "summary": "1807820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807820" }, { "category": "external", "summary": "1809872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809872" }, { "category": "external", "summary": "1810493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810493" }, { "category": "external", "summary": "1812710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812710" }, { "category": "external", "summary": "1812856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812856" }, { "category": "external", "summary": "1812970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812970" }, { "category": 
"external", "summary": "1813106", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813106" }, { "category": "external", "summary": "1813350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813350" }, { "category": "external", "summary": "1815145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815145" }, { "category": "external", "summary": "1816778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816778" }, { "category": "external", "summary": "1817057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817057" }, { "category": "external", "summary": "1819288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819288" }, { "category": "external", "summary": "1819700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819700" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhea-2020_2011.json" } ], "title": "Red Hat Enhancement Advisory: CNV 2.3.0 Images", "tracking": { "current_release_date": "2024-11-22T14:13:17+00:00", "generator": { "date": "2024-11-22T14:13:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHEA-2020:2011", "initial_release_date": "2020-05-04T19:09:59+00:00", "revision_history": [ { "date": "2020-05-04T19:09:59+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-05-04T19:09:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T14:13:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 2.3 for RHEL 8", "product": { "name": "CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:2.3::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", 
"name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "product": { "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "product_id": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-model-nfd-plugin\u0026tag=v2.3.0-9" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "product": { "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "product_id": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-node-labeller\u0026tag=v2.3.0-9" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "product": { "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "product_id": 
"container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-kvm-info-nfd-plugin\u0026tag=v2.3.0-9" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64 as a component of CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64" }, "product_reference": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "relates_to_product_reference": "8Base-CNV-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64 as a component of CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64" }, "product_reference": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "relates_to_product_reference": "8Base-CNV-2.3" }, { "category": "default_component_of", "full_product_name": { "name": 
"container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64 as a component of CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" }, "product_reference": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "relates_to_product_reference": "8Base-CNV-2.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1701", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2020-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1792092" } ], "notes": [ { "category": "description", "text": "A flaw was found in the KubeVirt main virt-handler regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.", "title": "Vulnerability description" }, { "category": "summary", "text": "virt-handler: virt-handler daemonset clusterroles allows retrieval of secrets", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", 
"8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1701" }, { "category": "external", "summary": "RHBZ#1792092", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792092" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1701", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1701" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1701", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1701" } ], "release_date": "2020-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-04T19:09:59+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2020:2011" }, { "category": "workaround", "details": "This issue can only be resolved by applying updates.\nMitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ 
"8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "virt-handler: virt-handler daemonset clusterroles allows retrieval of secrets" }, { "acknowledgments": [ { "names": [ "Joseph LaMagna-Reiter" ], "organization": "SPR Inc." } ], "cve": "CVE-2020-1742", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2019-11-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1803608" } ], "notes": [ { "category": "description", "text": "An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. 
An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "nmstate/kubernetes-nmstate-handler: /etc/passwd is given incorrect privileges", "title": "Vulnerability summary" }, { "category": "other", "text": "By default this vulnerability is not exploitable in un-privilieged containers running on OpenShift Container Platform. This is because the system call SETUID and SETGID is blocked by the default seccomp policy.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1742" }, { "category": "external", "summary": "RHBZ#1803608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608" }, { "category": "external", "summary": "RHSB-4859371", "url": "https://access.redhat.com/articles/4859371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1742", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1742" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1742", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-1742" } ], "release_date": "2020-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-04T19:09:59+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2020:2011" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nmstate/kubernetes-nmstate-handler: /etc/passwd is given 
incorrect privileges" } ] }
rhea-2020_2011
Vulnerability from csaf_redhat
Published
2020-05-04 19:09
Modified
2024-11-22 14:13
Summary
Red Hat Enhancement Advisory: CNV 2.3.0 Images
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Container-native virtualization release 2.3.0 is now available with updates to packages and images that fix several bugs and add enhancements.", "title": "Topic" }, { "category": "general", "text": "Container-native virtualization is Red Hat\u0027s virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains the following container-native virtualization 2.3.0 images:\n\nRHEL-7-CNV-2.3\n==============\nkubevirt-ssp-operator-container-v2.3.0-42\n\nRHEL-8-CNV-2.3\n==============\nhostpath-provisioner-operator-container-v2.3.0-13\nkubevirt-cpu-node-labeller-container-v2.3.0-9\nkubevirt-metrics-collector-container-v2.3.0-9\nkubevirt-template-validator-container-v2.3.0-10\nvirtio-win-container-v2.3.0-8\nnode-maintenance-operator-container-v2.3.0-10\nhostpath-provisioner-container-v2.3.0-12\nkubevirt-kvm-info-nfd-plugin-container-v2.3.0-9\nbridge-marker-container-v2.3.0-29\ncnv-containernetworking-plugins-container-v2.3.0-30\nkubemacpool-container-v2.3.0-28\nkubevirt-cpu-model-nfd-plugin-container-v2.3.0-9\nkubernetes-nmstate-handler-container-v2.3.0-30\novs-cni-marker-container-v2.3.0-29\ncluster-network-addons-operator-container-v2.3.0-28\novs-cni-plugin-container-v2.3.0-28\nkubevirt-v2v-conversion-container-v2.3.0-11\nkubevirt-vmware-container-v2.3.0-11\nvirt-operator-container-v2.3.0-39\nvirt-controller-container-v2.3.0-39\nvirt-handler-container-v2.3.0-39\nvirt-api-container-v2.3.0-39\nvirt-launcher-container-v2.3.0-39\nvirt-cdi-cloner-container-v2.3.0-41\nvirt-cdi-operator-container-v2.3.0-41\nvirt-cdi-apiserver-container-v2.3.0-
41\nvirt-cdi-uploadproxy-container-v2.3.0-41\nvirt-cdi-controller-container-v2.3.0-41\nvirt-cdi-importer-container-v2.3.0-41\nvirt-cdi-uploadserver-container-v2.3.0-41\nhyperconverged-cluster-operator-container-v2.3.0-61\ncnv-must-gather-container-v2.3.0-45\nhco-bundle-registry-container-v2.3.0-174", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHEA-2020:2011", "url": "https://access.redhat.com/errata/RHEA-2020:2011" }, { "category": "external", "summary": "1712429", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712429" }, { "category": "external", "summary": "1713378", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1713378" }, { "category": "external", "summary": "1722850", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1722850" }, { "category": "external", "summary": "1729761", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1729761" }, { "category": "external", "summary": "1739149", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1739149" }, { "category": "external", "summary": "1745998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1745998" }, { "category": "external", "summary": "1753243", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1753243" }, { "category": "external", "summary": "1757784", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=1757784" }, { "category": "external", "summary": "1765221", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1765221" }, { "category": "external", "summary": "1769593", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769593" }, { "category": "external", "summary": "1769595", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769595" }, { "category": "external", "summary": "1770339", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1770339" }, { "category": "external", "summary": "1781293", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781293" }, { "category": "external", "summary": "1781512", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1781512" }, { "category": "external", "summary": "1782241", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1782241" }, { "category": "external", "summary": "1783343", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1783343" }, { "category": "external", "summary": "1789093", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789093" }, { "category": "external", "summary": "1793603", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793603" }, { "category": "external", "summary": "1794050", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1794050" }, { "category": "external", "summary": "1795227", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1795227" }, { "category": "external", "summary": "1796796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796796" }, { "category": "external", "summary": "1798487", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1798487" }, { "category": "external", "summary": "1799016", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799016" }, { "category": "external", "summary": "1799055", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1799055" }, { "category": "external", "summary": "1800714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800714" }, { "category": "external", "summary": 
"1800792", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1800792" }, { "category": "external", "summary": "1801297", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801297" }, { "category": "external", "summary": "1802001", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802001" }, { "category": "external", "summary": "1802120", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802120" }, { "category": "external", "summary": "1802126", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1802126" }, { "category": "external", "summary": "1803220", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803220" }, { "category": "external", "summary": "1804102", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1804102" }, { "category": "external", "summary": "1805204", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805204" }, { "category": "external", "summary": "1805627", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805627" }, { "category": "external", "summary": "1806115", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1806115" }, { "category": "external", "summary": "1807572", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807572" }, { "category": "external", "summary": "1807804", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807804" }, { "category": "external", "summary": "1807820", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807820" }, { "category": "external", "summary": "1809872", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1809872" }, { "category": "external", "summary": "1810493", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1810493" }, { "category": "external", "summary": "1812710", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812710" }, { "category": "external", "summary": "1812856", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812856" }, { "category": "external", "summary": "1812970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1812970" }, { "category": 
"external", "summary": "1813106", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813106" }, { "category": "external", "summary": "1813350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1813350" }, { "category": "external", "summary": "1815145", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815145" }, { "category": "external", "summary": "1816778", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816778" }, { "category": "external", "summary": "1817057", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1817057" }, { "category": "external", "summary": "1819288", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819288" }, { "category": "external", "summary": "1819700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819700" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhea-2020_2011.json" } ], "title": "Red Hat Enhancement Advisory: CNV 2.3.0 Images", "tracking": { "current_release_date": "2024-11-22T14:13:17+00:00", "generator": { "date": "2024-11-22T14:13:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.1" } }, "id": "RHEA-2020:2011", "initial_release_date": "2020-05-04T19:09:59+00:00", "revision_history": [ { "date": "2020-05-04T19:09:59+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-05-04T19:09:59+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-22T14:13:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "CNV 2.3 for RHEL 8", "product": { "name": "CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3", "product_identification_helper": { "cpe": "cpe:/a:redhat:container_native_virtualization:2.3::el8" } } } ], "category": "product_family", "name": "OpenShift Virtualization" }, { "branches": [ { "category": "product_version", 
"name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "product": { "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "product_id": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-model-nfd-plugin\u0026tag=v2.3.0-9" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "product": { "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "product_id": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-cpu-node-labeller\u0026tag=v2.3.0-9" } } }, { "category": "product_version", "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "product": { "name": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "product_id": 
"container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "product_identification_helper": { "purl": "pkg:oci/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7?arch=amd64\u0026repository_url=registry.redhat.io/container-native-virtualization/kubevirt-kvm-info-nfd-plugin\u0026tag=v2.3.0-9" } } } ], "category": "architecture", "name": "amd64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64 as a component of CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64" }, "product_reference": "container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "relates_to_product_reference": "8Base-CNV-2.3" }, { "category": "default_component_of", "full_product_name": { "name": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64 as a component of CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64" }, "product_reference": "container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "relates_to_product_reference": "8Base-CNV-2.3" }, { "category": "default_component_of", "full_product_name": { "name": 
"container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64 as a component of CNV 2.3 for RHEL 8", "product_id": "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" }, "product_reference": "container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64", "relates_to_product_reference": "8Base-CNV-2.3" } ] }, "vulnerabilities": [ { "cve": "CVE-2020-1701", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2020-01-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1792092" } ], "notes": [ { "category": "description", "text": "A flaw was found in the KubeVirt main virt-handler regarding the access permissions of virt-handler. An attacker with access to create VMs could attach any secret within their namespace, allowing them to read the contents of that secret.", "title": "Vulnerability description" }, { "category": "summary", "text": "virt-handler: virt-handler daemonset clusterroles allows retrieval of secrets", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", 
"8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1701" }, { "category": "external", "summary": "RHBZ#1792092", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1792092" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1701", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1701" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1701", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1701" } ], "release_date": "2020-01-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-04T19:09:59+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2020:2011" }, { "category": "workaround", "details": "This issue can only be resolved by applying updates.\nMitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ 
"8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "virt-handler: virt-handler daemonset clusterroles allows retrieval of secrets" }, { "acknowledgments": [ { "names": [ "Joseph LaMagna-Reiter" ], "organization": "SPR Inc." } ], "cve": "CVE-2020-1742", "cwe": { "id": "CWE-732", "name": "Incorrect Permission Assignment for Critical Resource" }, "discovery_date": "2019-11-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1803608" } ], "notes": [ { "category": "description", "text": "An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. 
An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.", "title": "Vulnerability description" }, { "category": "summary", "text": "nmstate/kubernetes-nmstate-handler: /etc/passwd is given incorrect privileges", "title": "Vulnerability summary" }, { "category": "other", "text": "By default this vulnerability is not exploitable in un-privilieged containers running on OpenShift Container Platform. This is because the system call SETUID and SETGID is blocked by the default seccomp policy.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1742" }, { "category": "external", "summary": "RHBZ#1803608", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608" }, { "category": "external", "summary": "RHSB-4859371", "url": "https://access.redhat.com/articles/4859371" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1742", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1742" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1742", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2020-1742" } ], "release_date": "2020-01-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-05-04T19:09:59+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHEA-2020:2011" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-model-nfd-plugin@sha256:6205bf74b2bbfceea280c45f465353f0f9e6d8f7087667fc6d069f097794dd2c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-cpu-node-labeller@sha256:de06c0fa6a20baea78d05437d5da51690902c93ab7707a4a425c38f67d634d3c_amd64", "8Base-CNV-2.3:container-native-virtualization/kubevirt-kvm-info-nfd-plugin@sha256:c491da3af303a528ef73124a6c55dfb4cb34f7dee41727055ca268a30c6d18e7_amd64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nmstate/kubernetes-nmstate-handler: /etc/passwd is given 
incorrect privileges" } ] }
ghsa-jw82-xjgr-g6f8
Vulnerability from github
Published
2022-05-24 19:04
Modified
2023-08-23 21:44
Summary
Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management
Details
Withdrawn Advisory
This advisory has been withdrawn. This link is maintained to preserve external references.
Original Description
An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c 2.3.0-30" }, "package": { "ecosystem": "Go", "name": "github.com/nmstate/kubernetes-nmstate" }, "ranges": [ { "events": [ { "introduced": "0" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2020-1742" ], "database_specific": { "cwe_ids": [ "CWE-269", "CWE-732" ], "github_reviewed": true, "github_reviewed_at": "2023-07-13T23:17:51Z", "nvd_published_at": "2021-06-07T20:15:00Z", "severity": "HIGH" }, "details": "## Withdrawn Advisory\nThis advisory has been withdrawn. This link is maintained to preserve external references.\n\n## Original Description\nAn insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.", "id": "GHSA-jw82-xjgr-g6f8", "modified": "2023-08-23T21:44:47Z", "published": "2022-05-24T19:04:13Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1742" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ], "summary": "Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management", "withdrawn": "2023-08-23T21:44:47Z" }
cve-2020-1742
Vulnerability from fkie_nvd
Published
2021-06-07 20:15
Modified
2024-11-21 05:11
Summary
An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.
References
Source | URL | Tags
---|---|---
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1803608 | Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1803608 | Exploit, Issue Tracking, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
nmstate | kubernetes-nmstate | *
redhat | openshift_virtualization | 2
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:nmstate:kubernetes-nmstate:*:*:*:*:*:*:*:*", "matchCriteriaId": "C3437850-22E6-4D92-A83A-82947F91A2B0", "versionEndExcluding": "2.3.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openshift_virtualization:2:*:*:*:*:*:*:*", "matchCriteriaId": "81FC5D81-27C6-4993-A728-3F44C1DA6629", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected." }, { "lang": "es", "value": "Se ha encontrado un fallo de vulnerabilidad de modificaci\u00f3n no segura en los contenedores que usan nmstate/kubernetes-nmstate-handler. Un atacante con acceso al contenedor podr\u00eda usar este fallo para modificar el par\u00e1metro /etc/passwd y escalar sus privilegios. 
Las versiones anteriores a kubernetes-nmstate-handler-container-v2.3.0-30 est\u00e1n afectadas" } ], "id": "CVE-2020-1742", "lastModified": "2024-11-21T05:11:17.363", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-06-07T20:15:08.037", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-266" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-732" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
gsd-2020-1742
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.
Aliases
{ "GSD": { "alias": "CVE-2020-1742", "description": "An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.", "id": "GSD-2020-1742", "references": [ "https://access.redhat.com/errata/RHEA-2020:2011" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2020-1742" ], "details": "An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.", "id": "GSD-2020-1742", "modified": "2023-12-13T01:21:57.831499Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2020-1742", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "nmstate/kubernetes-nmstate-handler", "version": { "version_data": [ { "version_value": "kubernetes-nmstate-handler-container-v2.3.0-30" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-266" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "\u003cv2.3.0-30", "affected_versions": "All versions before 2.3.0-30", "cvss_v2": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "cvss_v3": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "cwe_ids": [ "CWE-1035", "CWE-732", "CWE-937" ], "date": "2023-07-13", "description": "An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected.", "fixed_versions": [ "v2.3.0-30" ], "identifier": "CVE-2020-1742", "identifiers": [ "GHSA-jw82-xjgr-g6f8", "CVE-2020-1742" ], "not_impacted": "", "package_slug": "go/github.com/nmstate/kubernetes-nmstate", "pubdate": "2022-05-24", "solution": "Upgrade to version 2.3.0-30 or above.", "title": "Incorrect Permission Assignment for Critical Resource", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2020-1742", "https://bugzilla.redhat.com/show_bug.cgi?id=1803608", "https://github.com/advisories/GHSA-jw82-xjgr-g6f8" ], "uuid": "d8971c9e-160b-4a6e-aba6-3ff24de18a7a", "versions": [] } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nmstate:kubernetes-nmstate:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "2.3.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openshift_virtualization:2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": 
"secalert@redhat.com", "ID": "CVE-2020-1742" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "An insecure modification vulnerability flaw was found in containers using nmstate/kubernetes-nmstate-handler. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. Versions before kubernetes-nmstate-handler-container-v2.3.0-30 are affected." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-732" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608", "refsource": "MISC", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1803608" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9 } }, "lastModifiedDate": "2022-07-25T11:10Z", "publishedDate": "2021-06-07T20:15Z" } } }
Sightings
Author | Source | Type | Date |
---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.