CVE-2020-1690
MEDIUM
openstack-selinux < 0.8.24 - Privilege Escalation via DBus Access
Title source: llm
Description
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected.
References (1)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1789640
Scores
CVSS v3: 6.5
EPSS: 0.0003
EPSS Percentile: 9.8%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Details
CWE: CWE-285
Status: published
Products (3)
redhat/openstack-selinux: < 0.8.24
redhat/openstack_platform: 15.0
redhat/openstack_platform: 16.1
Published: Jun 07, 2021
Tracked Since: Feb 18, 2026