CVE-2020-1707
NixOS vulnerability analysis and mitigation

Overview

CVE-2020-1707 is a security vulnerability discovered in the openshift/postgresql-apb container where /etc/passwd was given incorrect privileges. The vulnerability was first reported on January 21, 2020, and affects multiple versions of Red Hat OpenShift Container Platform including versions 3.11, 4.1, 4.2, and 4.3 (Red Hat Advisory, Bugzilla).

Technical details

The vulnerability occurs when the container modifies the permissions of /etc/passwd to make them modifiable by users other than root. By default, this vulnerability is not exploitable in unprivileged containers running on OpenShift Container Platform because the system calls SETUID and SETGID are blocked by the default seccomp policy (Bugzilla).
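The two conditions described above can be checked from the defender's side. This is an added example, not code from the page, Red Hat, or the affected image. The function names are hypothetical, and the extension from /etc/passwd to /etc/group and /etc/shadow is an assumption. It inspects mode bits only (not ownership or ACLs) on an unpacked image root or a live container root.

```python
import os
import stat

# /etc/passwd is the file named in the advisory; group and shadow are an
# assumed extension of the same check to the other account databases.
ACCOUNT_FILES = ("etc/passwd", "etc/group", "etc/shadow")


def writable_account_files(rootfs):
    """Return {path: octal mode} for account files that group or other can write."""
    findings = {}
    for rel in ACCOUNT_FILES:
        try:
            st = os.lstat(os.path.join(rootfs, rel))
        except FileNotFoundError:
            continue
        if stat.S_ISLNK(st.st_mode):
            continue  # link mode bits are meaningless; audit the link target separately
        mode = stat.S_IMODE(st.st_mode)
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings["/" + rel] = oct(mode)
    return findings


def seccomp_mode(status_text):
    """Parse 'Seccomp:' from /proc/<pid>/status: 0 = none, 1 = strict, 2 = filter."""
    for line in status_text.splitlines():
        if line.startswith("Seccomp:"):
            return int(line.split(":", 1)[1])
    return None  # field absent (kernel without seccomp, or not a status file)


def assess(rootfs, status_text):
    """Combine both observations into one verdict string."""
    findings = writable_account_files(rootfs)
    if not findings:
        return "ok"
    files = ", ".join(f"{p} ({m})" for p, m in sorted(findings.items()))
    if seccomp_mode(status_text) == 2:
        # A filter is loaded; whether it denies setuid/setgid depends on the profile.
        return f"fix permissions: {files}; seccomp filter present"
    return f"fix permissions: {files}; NO seccomp filter on this process"


if __name__ == "__main__":
    with open("/proc/self/status") as fh:  # Linux only
        print(assess("/", fh.read()))
```

Run it inside the container to audit the live filesystem, or call `assess()` with the path of an extracted image layer and the status text of a process in the target pod.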

Impact

An attacker with access to the running container could potentially exploit this vulnerability to modify /etc/passwd to add a user and escalate their privileges (Bugzilla).

Mitigation and workarounds

Red Hat has released security updates to address this vulnerability across multiple versions of OpenShift Container Platform. Updates were released through several security advisories: RHSA-2020:0617 for version 4.2, RHSA-2020:0681 for version 4.3, RHSA-2020:0694 for version 4.1, and RHSA-2020:0801 for version 3.11 (Red Hat Advisory).

Community reactions

The vulnerability was discovered and reported by Joseph LaMagna-Reiter from SPR Inc (Bugzilla).

This report was generated using AI.

