CVE-2020-1709: 
NixOS vulnerability analysis and mitigation

A vulnerability (CVE-2020-1709) was discovered in openshift/mediawiki affecting all versions prior to 4.3.0. The vulnerability involves incorrect permissions assigned to the /etc/passwd file, which could allow an attacker with container access to modify the file and escalate their privileges (Red Hat Advisory, NVD).

The vulnerability is classified as an incorrect permission assignment for critical resource (CWE-732). It has a CVSS v3.1 base score of 7.8 (High) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The issue specifically relates to improper permission settings on the /etc/passwd file within the container, making it modifiable by non-root users (NVD).

If exploited, this vulnerability allows an attacker with access to the running container to modify the /etc/passwd file, potentially adding new users and escalating their privileges to gain greater control over the system (Red Hat Bugzilla).

The vulnerability has been addressed through security updates in multiple versions of OpenShift Container Platform: version 4.1 via RHSA-2020:0694, version 3.11 via RHSA-2020:0799, and version 4.2 via RHSA-2020:0830 (Red Hat Bugzilla).