Red Hat Multi-Cloud Object Gateway Core Container Privilege Escalation Vulnerability

A privilege escalation vulnerability has been identified in certain Red Hat Multi-Cloud Object Gateway Core container images. The issue arises because the /etc/passwd file is created with group-writable permissions during the build process. This flaw allows an attacker, even as a non-root user, to exploit their membership in the root group to modify the /etc/passwd file. By doing so, the attacker could add a new user with any arbitrary UID, including UID 0, thereby gaining full root privileges within the container.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation within the affected container, allowing a user to gain root access.

Reproduction

The vulnerability can be reproduced by creating a container from an affected Multi-Cloud Object Gateway Core image. Once inside the container, a user can modify the /etc/passwd file to add a new user with root privileges. This exploitation takes advantage of the excessive permissions granted to the /etc directory, which allow unauthorized changes to system files.