CVE-2020-1690
Summary
| CVE | CVE-2020-1690 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-07 20:15:00 UTC |
| Updated | 2022-07-25 11:43:00 UTC |
| Description | An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Openstack-selinux | All | All | All | All |
| Application | Redhat | Openstack Platform | 15.0 | All | All | All |
| Application | Redhat | Openstack Platform | 16.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1789640 – (CVE-2020-1690) CVE-2020-1690 openstack-selinux: policy flaw allows dbus messaging | MISC | bugzilla.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |