Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd
Summary
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. Affected products named by the advisory: RHEL-9-CNV-4.17; RHEL-9-CNV-4.18; RHEL-9-CNV-4.20; Compliance Operator 1; and 12 more. Affected products named by the advisory: Red Hat Advanced Cluster Management for Kubernetes 2.11; Red Hat Advanced Cluster Management for Kubernetes 2.12; Red Hat Advanced Cluster Management for Kubernetes 2.13; Red Hat Advanced Cluster Management for Kubernetes 2.14; and 8 more.
What this means
In plain English
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). Privilege escalation can let an existing user or process gain permissions beyond those originally granted.
Vulnerable items
- RHEL-9-CNV-4.17
- RHEL-9-CNV-4.18
- RHEL-9-CNV-4.20
- Compliance Operator 1
- Red Hat Advanced Cluster Management for Kubernetes 2.11 — Kubernetes orchestrates containerized applications across clusters of compute nodes.
- Red Hat Advanced Cluster Management for Kubernetes 2.12 — Kubernetes orchestrates containerized applications across clusters of compute nodes.
- Red Hat Advanced Cluster Management for Kubernetes 2.13 — Kubernetes orchestrates containerized applications across clusters of compute nodes.
- Red Hat Advanced Cluster Management for Kubernetes 2.14 — Kubernetes orchestrates containerized applications across clusters of compute nodes.
- Red Hat Openshift Data Foundation 4.14
- Red Hat Openshift Data Foundation 4.15
- Red Hat Openshift Data Foundation 4.16
- Red Hat Openshift Data Foundation 4.17
Recommended action
Primary action: update to a vendor-listed fixed release: 0.15.2.
Rewritten locally from the scraped official advisory data above; no generative API is used. The vendor advisory is authoritative.
- operator-sdk before 0.15.2
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Mitigation
Upgrade to a fixed release: 0.15.2. That is the remediation for this advisory.
The vendor advisory may list additional interim mitigations or workarounds not captured here — review it before change work.
Official advisory · high-confidence parse· fetched 7 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.