Incorrect default permissions in guest-oslogin - CVE-2020-8903
Published: July 21, 2020
Vulnerability identifier: #VU31710
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-8903
CWE-ID: CWE-276
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
guest-oslogin
guest-oslogin
Software vendor:
Google Cloud Platform
Google Cloud Platform
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with "roles/compute.osLogin" role can use their membership to the "adm" group and escalate their privileges to root.
Remediation
Install updates from vendor's website.
External links
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00037.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00047.html
- https://cloud.google.com/support/bulletins/#gcp-2020-008
- https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
- https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020