目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1336

100%

CVE-2025-8766— Red Hat Openshift Data Foundation 安全漏洞

CVSS 6.4 · Medium EPSS 0.17% · P6

影响版本矩阵 27

厂商产品版本范围状态
Red HatRed Hat Openshift Data Foundation 4.221782932114< *unaffected
1782931768< *unaffected
1782932104< *unaffected
1783536000< *unaffected
1783535989< *unaffected
1783536515< *unaffected
1782932521< *unaffected
1783018461< *unaffected
… +19 条更多
获取后续新漏洞提醒登录后订阅

一、 漏洞 CVE-2025-8766 基础信息

漏洞信息

对漏洞内容有疑问?看看神龙的深度分析是否有帮助!
查看神龙十问 ↗

尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。

Vulnerability Title
Noobaa-core: excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container
来源: 美国国家漏洞数据库 NVD
Vulnerability Description
A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container
来源: 美国国家漏洞数据库 NVD
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
来源: 美国国家漏洞数据库 NVD
Vulnerability Type
缺省权限不正确
来源: 美国国家漏洞数据库 NVD
Vulnerability Title
Red Hat Openshift Data Foundation 安全漏洞
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Description
Red Hat Openshift Data Foundation是美国红帽(Red Hat)公司的一款软件定义存储平台。 Red Hat Openshift Data Foundation 4存在安全漏洞,该漏洞源于构建时创建的/etc/passwd文件具有组可写权限,可能导致攻击者在容器内执行命令并修改该文件,从而获得完整的root权限。
来源: 中国国家信息安全漏洞库 CNNVD
CVSS Information
N/A
来源: 中国国家信息安全漏洞库 CNNVD
Vulnerability Type
N/A
来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商产品影响版本CPE订阅
Red HatRed Hat Openshift Data Foundation 4.22 1782932114 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782931768 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782932104 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1783536000 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1783535989 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1783536515 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782932521 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1783018461 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1783018421 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782932812 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1783537001 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782932919 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1783537586 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782932969 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782933015 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782933042 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1783537392 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782933235 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782933251 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1783537955 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782933417 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1783537742 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782933602 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1783019377 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782934054 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782934036 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9
Red HatRed Hat Openshift Data Foundation 4.22 1782934284 ~ * cpe:/a:redhat:openshift_data_foundation:4.22::el9

二、漏洞 CVE-2025-8766 的公开POC

#POC 描述源链接神龙链接
AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2025-8766 的情报信息

登录查看更多情报信息。

CVE-2025-8766 厂商安全公告 (3)

同批安全公告 · Red Hat · 2026-03-13 · 共 4 条

CVE-2026-41117.5 HIGHRed Hat Enterprise Linux 10 安全漏洞
CVE-2026-41056.7 MEDIUMRed Hat Enterprise Linux 访问控制错误漏洞
CVE-2025-578496.4 MEDIUMRed Hat Fuse 安全漏洞

IV. Related Vulnerabilities

V. Comments for CVE-2025-8766

暂无评论


发表评论