CVE-2019-14819

Exploit

EPSS 0.36%
Published 07.01.2020 18:15:10
Last modified 21.11.2024 04:27:25
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

Affected products Warnungen 0 Metrics 4 CWE 3 References 4

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Openshift Container Platform Version3.10

Redhat ≫ Openshift Container Platform Version3.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.36%	0.569

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
secalert@redhat.com	7.5	1.6	5.9	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-270 Privilege Context Switching Error

The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14819

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-14819

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-14819

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-14819

EUVD