Findings for Container Security, High, [TheRedHatter/javagoof:Dockerfile]:Improper Privilege Management
Created by: armorcodegithubpreprod[bot]
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): <1:4.4-4.1+deb9u1
- Vulnerable Path: null
NVD Description
Note: Versions mentioned in the description apply to the upstream shadow package. See "How to fix?" for Debian:9 relevant versions.
The Debian shadow package before 1:4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM's nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.
Origin : null Type : null Image Id : null
Snyk Project Status: Active