CVE-2021-20264

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-20264
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20264.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-20264
Published
2021-10-06T16:15:07.297Z
Modified
2026-04-10T04:29:16.945746Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify the /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

References

Affected packages

Git / github.com/openjdk/jdk15u

Affected ranges

Type
GIT
Repo
https://github.com/openjdk/jdk15u
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a9a271179d2a7952154b7509a999b100cc98b13c
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "11"
        }
    ]
}

Affected versions

Other
jdk-10+20
jdk-10+21
jdk-10+22
jdk-10+23
jdk-10+24
jdk-11+0
jdk-9+100
jdk-9+101
jdk-9+102
jdk-9+103
jdk-9+104
jdk-9+105
jdk-9+106
jdk-9+107
jdk-9+108
jdk-9+109
jdk-9+110
jdk-9+111
jdk-9+112
jdk-9+113
jdk-9+114
jdk-9+115
jdk-9+116
jdk-9+117
jdk-9+118
jdk-9+119
jdk-9+120
jdk-9+121
jdk-9+122
jdk-9+123
jdk-9+124
jdk-9+127
jdk-9+128
jdk-9+129
jdk-9+130
jdk-9+131
jdk-9+132
jdk-9+133
jdk-9+134
jdk-9+135
jdk-9+136
jdk-9+137
jdk-9+138
jdk-9+139
jdk-9+140
jdk-9+141
jdk-9+142
jdk-9+143
jdk-9+144
jdk-9+145
jdk-9+146
jdk-9+147
jdk-9+148
jdk-9+149
jdk-9+150
jdk-9+151
jdk-9+152
jdk-9+153
jdk-9+154
jdk-9+155
jdk-9+156
jdk-9+95
jdk-9+96
jdk-9+97
jdk-9+98
jdk-9+99
jdk7-b100
jdk7-b101
jdk7-b102
jdk7-b103
jdk7-b104
jdk7-b105
jdk7-b106
jdk7-b107
jdk7-b108
jdk7-b120
jdk7-b121
jdk7-b122
jdk7-b123
jdk7-b124
jdk7-b125
jdk7-b126
jdk7-b127
jdk7-b128
jdk7-b129
jdk7-b130
jdk7-b131
jdk7-b132
jdk7-b133
jdk7-b134
jdk7-b135
jdk7-b136
jdk7-b137
jdk7-b138
jdk7-b139
jdk7-b140
jdk7-b141
jdk7-b143
jdk7-b24
jdk7-b25
jdk7-b26
jdk7-b27
jdk7-b28
jdk7-b31
jdk7-b32
jdk7-b33
jdk7-b34
jdk7-b35
jdk7-b36
jdk7-b38
jdk7-b39
jdk7-b40
jdk7-b41
jdk7-b44
jdk7-b45
jdk7-b46
jdk7-b48
jdk7-b49
jdk7-b50
jdk7-b51
jdk7-b53
jdk7-b54
jdk7-b55
jdk7-b56
jdk7-b60
jdk7-b61
jdk7-b62
jdk7-b63
jdk7-b64
jdk7-b65
jdk7-b66
jdk7-b68
jdk7-b70
jdk7-b71
jdk7-b72
jdk7-b73
jdk7-b74
jdk7-b75
jdk7-b76
jdk7-b77
jdk7-b78
jdk7-b79
jdk7-b80
jdk7-b81
jdk7-b82
jdk7-b83
jdk7-b84
jdk7-b85
jdk7-b86
jdk7-b87
jdk7-b88
jdk7-b89
jdk7-b90
jdk7-b91
jdk7-b92
jdk7-b93
jdk7-b94
jdk7-b95
jdk7-b96
jdk7-b97
jdk7-b98
jdk7-b99
jdk8-b01
jdk8-b119
jdk8-b120
jdk8-b15
jdk8-b16
jdk8-b18
jdk8-b19
jdk8-b20
jdk8-b21
jdk8-b22
jdk8-b23
jdk8-b24
jdk8-b25
jdk8-b26
jdk8-b27
jdk8-b28
jdk8-b29
jdk8-b30
jdk8-b31
jdk8-b32
jdk8-b33
jdk8-b34
jdk8-b35
jdk8-b36
jdk8-b37
jdk8-b38
jdk8-b39
jdk8-b40
jdk8-b41
jdk8-b42
jdk8-b43
jdk8-b44
jdk8-b45
jdk8-b46
jdk8-b49
jdk8-b50
jdk8-b52
jdk8-b53
jdk8-b54
jdk8-b55
jdk9-b00
jdk9-b01
jdk9-b04
jdk9-b05
jdk9-b06
jdk9-b07
jdk9-b08
jdk9-b10
jdk9-b11
jdk9-b12
jdk9-b13
jdk9-b14
jdk9-b15
jdk9-b16
jdk9-b17
jdk9-b18
jdk9-b19
jdk9-b20
jdk9-b21
jdk9-b23
jdk9-b24
jdk9-b25
jdk9-b26
jdk9-b27
jdk9-b30
jdk9-b31
jdk9-b32
jdk9-b33
jdk9-b34
jdk9-b35
jdk9-b36
jdk9-b37
jdk9-b38
jdk9-b39
jdk9-b40
jdk9-b41
jdk9-b42
jdk9-b43
jdk9-b44
jdk9-b45
jdk9-b46
jdk9-b47
jdk9-b48
jdk9-b49
jdk9-b50
jdk9-b51
jdk9-b52
jdk9-b53
jdk9-b54
jdk9-b55
jdk9-b56
jdk9-b57
jdk9-b58
jdk9-b59
jdk9-b60
jdk9-b61
jdk9-b62
jdk9-b63
jdk9-b64
jdk9-b65
jdk9-b66
jdk9-b67
jdk9-b68
jdk9-b69
jdk9-b70
jdk9-b71
jdk9-b72
jdk9-b73
jdk9-b74
jdk9-b75
jdk9-b76
jdk9-b77
jdk9-b78
jdk9-b79
jdk9-b80
jdk9-b81
jdk9-b82
jdk9-b83
jdk9-b84
jdk9-b85
jdk9-b86
jdk9-b87
jdk9-b88
jdk9-b89
jdk9-b90
jdk9-b91
jdk9-b92
jdk9-b94

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.8.0"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20264.json"