{"id":"UBUNTU-CVE-2020-8907","details":"A vulnerability in Google Cloud Platform's guest-oslogin versions between 20190304 and 20200507 allows a user that is only granted the role \"roles/compute.osLogin\" to escalate privileges to root. Using their membership in the \"docker\" group, an attacker with this role is able to run docker and mount the host OS. Within docker, it is possible to modify the host OS filesystem and modify /etc/group to gain administrative privileges. All images created after 2020-May-07 (20200507) are fixed, and if you cannot update, we recommend you edit /etc/security/group.conf and remove the \"docker\" group from the OS Login entry.","modified":"2025-10-24T04:48:20Z","published":"2020-06-22T14:15:00Z","upstream":["CVE-2020-8907"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-8907"},{"type":"REPORT","url":"https://cloud.google.com/support/bulletins/#gcp-2020-008"},{"type":"REPORT","url":"https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29"},{"type":"REPORT","url":"https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2020-8907"}],"affected":[{"package":{"name":"gce-compute-image-packages","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/gce-compute-image-packages@20190315-0ubuntu1~14.04.0?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["20160930-0ubuntu3~14.04.0","20160930-0ubuntu3~14.04.1","20160930-0ubuntu3~14.04.2","20160930-0ubuntu6~14.04.0","20170426-0ubuntu2~14.04.0","20170523-0ubuntu1~14.04.0","20170622-0ubuntu1~14.04.0","20170718-0ubuntu1~14.04.0","20171019+dfsg1-0ubuntu1~14.04.0","20171025+dfsg1-0ubuntu1~14.04.0","20171129+dfsg1-0ubuntu1~14.04.0","20180129+dfsg1-0ubuntu1~14.04.0","20180510+dfsg1-0ubuntu3~14.04.3","20180905+dfsg1-0ubuntu1~14.04.0","20180905+dfsg1-0ubuntu1~14.04.1","20190124+dfsg1-0ubuntu1~14.04.0","201
90315-0ubuntu1~14.04.0"],"ecosystem_specific":{"binaries":[{"binary_version":"20190315-0ubuntu1~14.04.0","binary_name":"gce-compute-image-packages"},{"binary_version":"20190315-0ubuntu1~14.04.0","binary_name":"google-compute-engine-oslogin"},{"binary_version":"20190315-0ubuntu1~14.04.0","binary_name":"python-google-compute-engine"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-8907.json"}},{"package":{"name":"gce-compute-image-packages","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/gce-compute-image-packages@20190801-0ubuntu1~16.04.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20190801-0ubuntu1~16.04.1"}]}],"versions":["20160930-0ubuntu3~16.04.0","20160930-0ubuntu5~16.04.0","20160930-0ubuntu6~16.04.0","20170426-0ubuntu2~16.04.0","20170523-0ubuntu1~16.04.0","20170622-0ubuntu1~16.04.0","20170718-0ubuntu1~16.04.0","20171019+dfsg1-0ubuntu1~16.04.0","20171025+dfsg1-0ubuntu1~16.04.0","20171129+dfsg1-0ubuntu1~16.04.0","20180129+dfsg1-0ubuntu1~16.04.0","20180510+dfsg1-0ubuntu3~16.04.0","20180510+dfsg1-0ubuntu3~16.04.1","20180905+dfsg1-0ubuntu1~16.04.0","20180905+dfsg1-0ubuntu1~16.04.1","20190124+dfsg1-0ubuntu1~16.04.0","20190522-0ubuntu1~16.04.0","20190801-0ubuntu1~16.04.0"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_version":"20190801-0ubuntu1~16.04.1","binary_name":"gce-compute-image-packages"},{"binary_version":"20190801-0ubuntu1~16.04.1","binary_name":"google-compute-engine-oslogin"},{"binary_version":"20190801-0ubuntu1~16.04.1","binary_name":"python-google-compute-engine"},{"binary_version":"20190801-0ubuntu1~16.04.1","binary_name":"python3-google-compute-engine"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-8907.json"}},{"package":{"name":"gce-compute-image-packages","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/gce-compute-image-packages@20190801-0ubuntu1~18.04.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20190801-0ubuntu1~18.04.1"}]}],"versions":["20171006+dfsg1-0ubuntu1","20171019+dfsg1-0ubuntu1","20171025+dfsg1-0ubuntu1","20171129+dfsg1-0ubuntu1","20180129+dfsg1-0ubuntu1","20180129+dfsg1-0ubuntu2","20180129+dfsg1-0ubuntu3","20180510+dfsg1-0ubuntu4~18.04.0","20180510+dfsg1-0ubuntu4~18.04.1","20180905+dfsg1-0ubuntu1~18.04.0","20190124+dfsg1-0ubuntu1~18.04.0","20190522-0ubuntu1~18.04.0","20190801-0ubuntu1~18.04.0"],"ecosystem_specific":{"availability":"No subscription 
required","binaries":[{"binary_version":"20190801-0ubuntu1~18.04.1","binary_name":"gce-compute-image-packages"},{"binary_version":"20190801-0ubuntu1~18.04.1","binary_name":"google-compute-engine-oslogin"},{"binary_version":"20190801-0ubuntu1~18.04.1","binary_name":"python-google-compute-engine"},{"binary_version":"20190801-0ubuntu1~18.04.1","binary_name":"python3-google-compute-engine"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-8907.json"}},{"package":{"name":"gce-compute-image-packages","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/gce-compute-image-packages@20190801-0ubuntu4.1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20190801-0ubuntu4.1"}]}],"versions":["20190801-0ubuntu1","20190801-0ubuntu2","20190801-0ubuntu3","20190801-0ubuntu4"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_version":"20190801-0ubuntu4.1","binary_name":"gce-compute-image-packages"},{"binary_version":"20190801-0ubuntu4.1","binary_name":"google-compute-engine-oslogin"},{"binary_version":"20190801-0ubuntu4.1","binary_name":"python3-google-compute-engine"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-8907.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"type":"Ubuntu","score":"medium"}]}