CVE-2019-3818

EPSS 0.08%
Published 05.02.2019 17:29:00
Last modified 21.11.2024 04:42:36
Source secalert@redhat.com
Teams watchlist Login
Open Login

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.

Affected products Warnungen 0 Metrics 4 CWE 1 References 7

Data is provided by the National Vulnerability Database (NVD)

Kube-rbac-proxy Project ≫ Kube-rbac-proxy Version < 0.4.1

Redhat ≫ Openshift Container Platform Version3.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.08%	0.202

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com	3.7	2.2	1.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://access.redhat.com/errata/RHBA-2019:0327

Vendor Advisory

http://www.securityfocus.com/bid/106744

Third Party Advisory

VDB Entry

https://access.redhat.com/security/cve/CVE-2019-3818

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3818

Patch

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-3818

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3818

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3818

EUVD