github - ghsa-856v-8qm2-9wjv

ghsa-856v-8qm2-9wjv

Vulnerability from github

Published

2025-08-07 21:31

Modified

2025-11-20 21:30

Severity ?

5.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

Summary

operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd

Details

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/operator-framework/operator-sdk"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.15.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-7195"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-276"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-08-07T21:59:46Z",
    "nvd_published_at": "2025-08-07T19:15:29Z",
    "severity": "MODERATE"
  },
  "details": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.",
  "id": "GHSA-856v-8qm2-9wjv",
  "modified": "2025-11-20T21:30:30Z",
  "published": "2025-08-07T21:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-7195"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:19332"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:19335"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:19958"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:19961"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:21368"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:21885"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-7195"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2376300"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/operator-framework/operator-sdk"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd"
}

CVE-2025-7195 (GCVE-0-2025-7195)

Vulnerability from cvelistv5

Published

2025-08-07 19:05

Modified

2025-11-21 09:06

Severity ?

5.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:L

CWE

CWE-276 - Incorrect Default Permissions

Summary

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:19332	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19335	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19958	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:19961	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:21368	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:21885	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-7195	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2376300	issue-tracking, x_refsource_REDHAT

Impacted products

Vendor

Product

Version

Red Hat

Compliance Operator 1

Unaffected: sha256:296761e66fbac8934c137df3e0f0027e823b5db5a32eddf24f97489e24f4b8bf < *
cpe:/a:redhat:openshift_compliance_operator:1::el9

Red Hat	multicluster engine for Kubernetes 2.7	Unaffected: sha256:1c49bf643ea000a0f92a1d93114a4a866ff51f47947c6a7102fb8e200ae57e8a < * cpe:/a:redhat:multicluster_engine:2.7::el9
Red Hat	multicluster engine for Kubernetes 2.7	Unaffected: sha256:4364624686c53f5996960296f8ce496ee819d500eab396f35f7bf417dfdf08b9 < * cpe:/a:redhat:multicluster_engine:2.7::el9
Red Hat	multicluster engine for Kubernetes 2.7	Unaffected: sha256:0488dca3cb2db097732fe153483af7c4b2acdb7b0bc241f30e78cdb0474d11bb < * cpe:/a:redhat:multicluster_engine:2.7::el9
Red Hat	multicluster engine for Kubernetes 2.7	Unaffected: sha256:af41dc511a4fba130590c8528e555fa331d0fea3c617a3f942e98216900d6773 < * cpe:/a:redhat:multicluster_engine:2.7::el9
Red Hat	multicluster engine for Kubernetes 2.7	Unaffected: sha256:ff0c848b18b366afbe60b4fe97c876c0f71999262c9b92eae89db03b1158496f < * cpe:/a:redhat:multicluster_engine:2.7::el9
Red Hat	multicluster engine for Kubernetes 2.7	Unaffected: sha256:7ccd6c3cf13980e73689da2a969cb29c1875e3bd4a76999a76f588f9f0cde8dd < * cpe:/a:redhat:multicluster_engine:2.7::el9
Red Hat	multicluster engine for Kubernetes 2.7	Unaffected: sha256:46a940727ab0bb654158deab9b9fa85a768b2fd6bdcf32f9eb0c0b061317be72 < * cpe:/a:redhat:multicluster_engine:2.7::el9
Red Hat	multicluster engine for Kubernetes 2.7	Unaffected: sha256:17ff83445d5f6c2296f1b5c5061734a7866c84f6951e140f194bb5a1b2c981a2 < * cpe:/a:redhat:multicluster_engine:2.7::el9
Red Hat	multicluster engine for Kubernetes 2.9	Unaffected: sha256:92dcf853dee08f8f68d43d6928df81e0e03cb95ed1c7b9035de089ec831ac12f < * cpe:/a:redhat:multicluster_engine:2.9::el9
Red Hat	multicluster engine for Kubernetes 2.9	Unaffected: sha256:c124e98be5de4a56ea655e4beca79f2858b32465fd20e07773e7a1395ab698bf < * cpe:/a:redhat:multicluster_engine:2.9::el9
Red Hat	multicluster engine for Kubernetes 2.9	Unaffected: sha256:5f920fdd7a8222e575e3be8108f35053199041f51ea5aef10afdf16270d2c2e5 < * cpe:/a:redhat:multicluster_engine:2.9::el9
Red Hat	multicluster engine for Kubernetes 2.9	Unaffected: sha256:495c95d1a2df101e0bf9c0eaa3caeb575f596d6098782c3a0a1dcb0342589886 < * cpe:/a:redhat:multicluster_engine:2.9::el9
Red Hat	multicluster engine for Kubernetes 2.9	Unaffected: sha256:b488d0482849357ec15b94803eba470bd3c96a3aa70eb401e5e010d939996fd5 < * cpe:/a:redhat:multicluster_engine:2.9::el9
Red Hat	multicluster engine for Kubernetes 2.9	Unaffected: sha256:36c26ae9529d584fbd4ed24376ff8a83fd583190d4b13461a484e8f49c3ac3b3 < * cpe:/a:redhat:multicluster_engine:2.9::el9
Red Hat	multicluster engine for Kubernetes 2.9	Unaffected: sha256:e9a01f91576307ab1e618ce7e4db1c116b2eb9701c5f5a48b0ad671fa57dc18d < * cpe:/a:redhat:multicluster_engine:2.9::el9
Red Hat	multicluster engine for Kubernetes 2.9	Unaffected: sha256:f2b3e838d78b6bd89e5c9f401326d08696fb29b862fa99b701a3b0aa8b705fe4 < * cpe:/a:redhat:multicluster_engine:2.9::el9
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2.12	Unaffected: sha256:e1ed0e73c99eb402fe547d9c112e3c2b9d23ff1fc5dda797638eebb42f4791be < * cpe:/a:redhat:acm:2.12::el9
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2.14	Unaffected: sha256:1b56fc6c4b897bb8a62b1fa176af6bace8282b2de38e3e69b5673c5ae3e6848c < * cpe:/a:redhat:acm:2.14::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:1ff67f3ff46b59b86c2f29596008440da7da8d594005881c65d6d4ab645aefc6 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:5ee6284d6354e4e55f1ee7eb5a79b833aae6e31bf42bf185c4192e5d373f06e7 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:c8dce4a25f10645edc649576e995b2b6619c8bc39c2c30d3cffbe3a3c3a86b35 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:c6eb556ecea92be74c6175061678d06bb3006a6ccfc5927d2327ddcf244c934b < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:e9f1e2743fe9930ccb470c6eb8d9e9577640fe6a9ab7a013648e513b6216fa74 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:2bd4927011a029a1dd7ba2baa2fdc759d431550879eddc8813d89cb44cdb2767 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:d40189f09ff39240e5e49412c1314d9911fcb957459c7496b215da8c9f758b8e < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:d2cc16ec9cc1f40da3b1967bc9a7b208062c5bc4a2753213ae2c41c62c5115aa < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:c786effa06598ecb80690644d1c9075588e123ad200db05686568a80a1feeb56 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:7ea7c9adce3bb022e345cffcb939e4d4d03e44717ac32a00cbef60d3fb5eb2b3 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:173a4998c70c4c8ff9d0d4f90fb48e8e3d3f8fbc4deeb4f742cbaa38dda61215 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:599bfb2b83e095f88d90a408d4e8bf66bf10070255c5d174ca9ed8668111d25f < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:4da2afb698447df4a45a8bc1b479e57a5da7cd7a3ace09e131717a31155ec8a5 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:da96f0e217a418accd74f8958444423cb4baca7311ee8d3bf70d22c42597f5cb < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:228bbd789e0de72a48a3673fab02aa53b14485fce3b27d2e4cd30eb30f5ac1b6 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:eb4386e6dfb4a2277085dbc44190243c40d973b80e9985fe42378098eb35e6e7 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:65c4003dfb7180e015ec74fe9e599bcc313501ab9b9c67d61fc59a68e6c89349 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:2987990bc63fa58ced038084921bdf168a017bd0b94b296a7c79dc264388339a < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	Red Hat Openshift Data Foundation 4.18	Unaffected: sha256:fdb74e11ba60926cf6abfe7898ffec199d3efe07fb0273e794ba4e10c9f7ad70 < * cpe:/a:redhat:openshift_data_foundation:4.18::el9
Red Hat	File Integrity Operator	cpe:/a:redhat:openshift_file_integrity_operator:1
Red Hat	File Integrity Operator	cpe:/a:redhat:openshift_file_integrity_operator:1
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Engine for Kubernetes	cpe:/a:redhat:multicluster_engine
Red Hat	Multicluster Global Hub	cpe:/a:redhat:multicluster_globalhub
Red Hat	Multicluster Global Hub	cpe:/a:redhat:multicluster_globalhub
Red Hat	Multicluster Global Hub	cpe:/a:redhat:multicluster_globalhub
Red Hat	Multicluster Global Hub	cpe:/a:redhat:multicluster_globalhub
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Management for Kubernetes 2	cpe:/a:redhat:acm:2
Red Hat	Red Hat Advanced Cluster Security 4	cpe:/a:redhat:advanced_cluster_security:4
Red Hat	Red Hat build of Apicurio Registry 3	cpe:/a:redhat:apicurio_registry:3
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4
Red Hat	Red Hat OpenShift Dev Workspaces Operator	cpe:/a:redhat:devworkspace
Red Hat	Red Hat OpenShift Dev Workspaces Operator	cpe:/a:redhat:devworkspace
Red Hat	Red Hat OpenShift Dev Workspaces Operator	cpe:/a:redhat:devworkspace
Red Hat	Red Hat OpenShift Dev Workspaces Operator	cpe:/a:redhat:devworkspace
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat OpenShift Virtualization 4	cpe:/a:redhat:container_native_virtualization:4
Red Hat	Red Hat Web Terminal	cpe:/a:redhat:webterminal:1
Red Hat	Red Hat Web Terminal	cpe:/a:redhat:webterminal:1

Show details on NVD website