Skip to main content

Openjdk CVE-2021-20264

HIGH
Incorrect Privilege Assignment (CWE-266)
2021-10-06 secalert@redhat.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 06, 2021 - 16:15 nvd
HIGH 7.8

DescriptionNVD

An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

AnalysisAI

An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-266. An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Affected products include: Oracle Openjdk.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2013-2461 HIGH
7.5 Jun 18

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and

CVE-2014-2483 CRITICAL POC
9.3 Jul 17

Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers

CVE-2022-34169 HIGH POC
7.5 Jul 19

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT styleshee

CVE-2014-8873 CRITICAL
10.0 Nov 09

A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /

CVE-2014-2405 CRITICAL
10.0 May 14

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown im

CVE-2014-0462 CRITICAL
10.0 May 14

Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown im

CVE-2012-2739 MEDIUM POC
5.0 Nov 28

Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 and 8 before build 39, computes hash values without

CVE-2021-3517 HIGH
8.6 May 19

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. Rated high severity (CVSS

CVE-2020-14583 HIGH
8.3 Jul 15

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CV

CVE-2020-2805 HIGH
8.3 Apr 15

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CV

CVE-2020-2803 HIGH
8.3 Apr 15

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Rated high severity (CV

CVE-2020-2604 HIGH
8.1 Jan 15

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Rated high severity

Share

CVE-2021-20264 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy