Vulnerabilities > CVE-2020-10695 - Incorrect Privilege Assignment vulnerability in Redhat Single Sign-On

CVSS 4.6 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

local

low complexity

redhat

CWE-266

NVD

Published: 2021-05-26

Updated: 2021-06-03

Summary

An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An attacker with access to the container can use this flaw to modify the /etc/passwd and escalate their privileges.

Vulnerable Configurations

Part	Description	Count
Application	Redhat Redhat Single Sign ON - Redhat Single Sign ON 7.0 Redhat Single Sign ON 7.1 Redhat Single Sign ON 7.2 Redhat Single Sign ON 7.3 Redhat Single Sign ON 7.3.2 Redhat Single Sign ON 7.3.3 Redhat Single Sign ON 7.3.5 Redhat Single Sign ON 7.4 Redhat Single Sign ON 7.4.1	10

Common Weakness Enumeration (CWE)

CWE-266 - Incorrect Privilege Assignment

References

https://bugzilla.redhat.com/show_bug.cgi?id=1817530