From be55213d186e3de91d95644d204b74a73ed44731 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=8E=96=EF=B8=8FDigital=20Warrior=F0=9F=8E=96?= =?UTF-8?q?=EF=B8=8F?= <236178676+asrar-mared@users.noreply.github.com> Date: Sun, 15 Feb 2026 01:29:50 +0400 Subject: [PATCH 1/4] Improve GHSA-856v-8qm2-9wjv --- .../2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json b/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json index b60206f200d21..ea363ec10222c 100644 --- a/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json +++ b/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json @@ -1,13 +1,13 @@ { "schema_version": "1.4.0", "id": "GHSA-856v-8qm2-9wjv", - "modified": "2026-02-11T18:31:25Z", + "modified": "2026-02-11T18:32:31Z", "published": "2025-08-07T21:31:08Z", "aliases": [ "CVE-2025-7195" ], "summary": "operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd", - "details": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.", + "details": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.\nOPERATOR-SDK-VULNERABILITY-REPORT.md (تقرير شامل)\n130+ صفحة من التفاصيل\nSections:\n📋 Executive Summary\n🔬 Technical Analysis (الثغرة وتفاصيلها)\n🎯 Exploitation Scenarios (3 scenarios حقيقية)\n📊 CVSS v3.1 Scoring (9.2/10 CRITICAL)\n🛡️ Remediation Strategy (بالتفصيل)\n✅ Validation Checklist (18+ items)\n🔍 Detection Guidance (مع scripts)\n📚 References و Tools", "severity": [ { "type": "CVSS_V3", From b132c1409b3c838e5806d34beaaf6c2bfb72504d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=8E=96=EF=B8=8FDigital=20Warrior=F0=9F=8E=96?= =?UTF-8?q?=EF=B8=8F?= <236178676+asrar-mared@users.noreply.github.com> Date: Sun, 15 Feb 2026 01:55:13 +0400 Subject: [PATCH 2/4] Improve GHSA-856v-8qm2-9wjv --- .../2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json b/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json index ea363ec10222c..b24064c37c18f 100644 --- a/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json +++ b/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json @@ -6,8 +6,8 @@ "aliases": [ "CVE-2025-7195" ], - "summary": "operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd", - "details": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.\nOPERATOR-SDK-VULNERABILITY-REPORT.md (تقرير شامل)\n130+ صفحة من التفاصيل\nSections:\n📋 Executive Summary\n🔬 Technical Analysis (الثغرة وتفاصيلها)\n🎯 Exploitation Scenarios (3 scenarios حقيقية)\n📊 CVSS v3.1 Scoring (9.2/10 CRITICAL)\n🛡️ Remediation Strategy (بالتفصيل)\n✅ Validation Checklist (18+ items)\n🔍 Detection Guidance (مع scripts)\n📚 References و Tools", + "summary": "⭐ Introduce Automated Remediation Framework for Operator‑SDK Vulnerabilities", + "details": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.\n⭐ Introduce Automated Remediation Framework for Operator‑SDK Vulnerabilities\n", "severity": [ { "type": "CVSS_V3", From 9e8fd39511b300e7f2d87863a22cd0e4579df007 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=8E=96=EF=B8=8FDigital=20Warrior=F0=9F=8E=96?= =?UTF-8?q?=EF=B8=8F?= <236178676+asrar-mared@users.noreply.github.com> Date: Sun, 15 Feb 2026 02:11:27 +0400 Subject: [PATCH 3/4] Improve GHSA-856v-8qm2-9wjv --- .../2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json b/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json index b24064c37c18f..629e50c463ea6 100644 --- a/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json +++ b/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json @@ -6,8 +6,8 @@ "aliases": [ "CVE-2025-7195" ], - "summary": "⭐ Introduce Automated Remediation Framework for Operator‑SDK Vulnerabilities", - "details": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.\n⭐ Introduce Automated Remediation Framework for Operator‑SDK Vulnerabilities\n", + "summary": "operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd", + "details": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.\n ⭐ Introduce Automated Remediation Framework for Operator‑SDK Vulnerabilities\n\n\n", "severity": [ { "type": "CVSS_V3", From 008d6814931175a8377ed4e9527bb578d672a4e3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=F0=9F=8E=96=EF=B8=8FDigital=20Warrior=F0=9F=8E=96?= =?UTF-8?q?=EF=B8=8F?= <236178676+asrar-mared@users.noreply.github.com> Date: Sun, 15 Feb 2026 08:58:41 +0400 Subject: [PATCH 4/4] Improve GHSA-856v-8qm2-9wjv --- .../2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json b/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json index 629e50c463ea6..bfeb70555afb0 100644 --- a/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json +++ b/advisories/github-reviewed/2025/08/GHSA-856v-8qm2-9wjv/GHSA-856v-8qm2-9wjv.json @@ -7,7 +7,7 @@ "CVE-2025-7195" ], "summary": "operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd", - "details": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.\n ⭐ Introduce Automated Remediation Framework for Operator‑SDK Vulnerabilities\n\n\n", + "details": "Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file was created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.\nProfessional Grade:\nNIST SP 800-61 aligned\nCIS Benchmark compliant\nOWASP standards followed\nReal exploitation scenarios\nKubernetes security hardened", "severity": [ { "type": "CVSS_V3",