6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.3 High
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
ACTIVE
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
0.001 Low
EPSS
Percentile
33.3%
A vulnerability in Google Cloud Platform’s guest-oslogin versions between
20190304 and 20200507 allows a user that is only granted the role
“roles/compute.osLogin” to escalate privileges to root. Using their
membership to the “adm” group, users with this role are able to read the
DHCP XID from the systemd journal. Using the DHCP XID, it is then possible
to set the IP address and hostname of the instance to any value, which is
then stored in /etc/hosts. An attacker can then point
metadata.google.internal to an arbitrary IP address and impersonate the GCE
metadata server which make it is possible to instruct the OS Login PAM
module to grant administrative privileges. All images created after
2020-May-07 (20200507) are fixed, and if you cannot update, we recommend
you edit /etc/group/security.conf and remove the “adm” user from the OS
Login entry.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | gce-compute-image-packages | < 20190801-0ubuntu1~18.04.1 | UNKNOWN |
ubuntu | 19.10 | noarch | gce-compute-image-packages | < 20190801-0ubuntu1.1 | UNKNOWN |
ubuntu | 20.04 | noarch | gce-compute-image-packages | < 20190801-0ubuntu4.1 | UNKNOWN |
ubuntu | 20.10 | noarch | gce-compute-image-packages | < 20190801-0ubuntu5 | UNKNOWN |
ubuntu | 21.04 | noarch | gce-compute-image-packages | < 20190801-0ubuntu5 | UNKNOWN |
ubuntu | 21.10 | noarch | gce-compute-image-packages | < 20190801-0ubuntu5 | UNKNOWN |
ubuntu | 22.04 | noarch | gce-compute-image-packages | < 20190801-0ubuntu5 | UNKNOWN |
ubuntu | 22.10 | noarch | gce-compute-image-packages | < 20190801-0ubuntu5 | UNKNOWN |
ubuntu | 23.04 | noarch | gce-compute-image-packages | < 20190801-0ubuntu5 | UNKNOWN |
ubuntu | 23.10 | noarch | gce-compute-image-packages | < 20190801-0ubuntu5 | UNKNOWN |
cloud.google.com/support/bulletins/#gcp-2020-008
github.com/GoogleCloudPlatform/guest-oslogin/pull/29
gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020
launchpad.net/bugs/cve/CVE-2020-8903
nvd.nist.gov/vuln/detail/CVE-2020-8903
security-tracker.debian.org/tracker/CVE-2020-8903
www.cve.org/CVERecord?id=CVE-2020-8903
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.3 High
CVSS4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
ACTIVE
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
0.001 Low
EPSS
Percentile
33.3%