CVE-2019-3818

EPSS 0.08%
Veröffentlicht 05.02.2019 17:29:00
Zuletzt bearbeitet 21.11.2024 04:42:36
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kube-rbac-proxy Project ≫ Kube-rbac-proxy Version < 0.4.1

Redhat ≫ Openshift Container Platform Version3.11

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.202

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
secalert@redhat.com	3.7	2.2	1.4	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://access.redhat.com/errata/RHBA-2019:0327

Vendor Advisory

http://www.securityfocus.com/bid/106744

Third Party Advisory

VDB Entry

https://access.redhat.com/security/cve/CVE-2019-3818

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3818

Patch

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2019-3818

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3818

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3818

EUVD