CVE-2020-1690

CVE Database · CVE-2020-1690

CVE-2020-1690

· MEDIUMModified

CVSS v3.1

6.5

EPSS

0.22%

Published

Jun 7, 2021

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Weaknesses (CWE)

CWE-285

Affected Products (3)

redhat · openstack-selinux (up to 0.8.24)vulnerable

redhat · openstack_platformvulnerable

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1789640

Issue TrackingVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1789640

Issue TrackingVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs