CVE-2019-14819
openshift-ansible: dockergc service account incorrectly associated with namespace during upgrade
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.
Se encontró un fallo durante la actualización de un clúster existente de OpenShift Container Platform versiones 3.x. Usando CRI-O, la cuenta de servicio dockergc es asignada al espacio de nombres actual del usuario que lleva a cabo la actualización. Este fallo puede permitir a un usuario sin privilegios escalar sus privilegios a los permitidos por las Restricciones del Contexto de Seguridad privilegiadas.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-08-10 CVE Reserved
- 2019-09-23 CVE Published
- 2023-05-12 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-266: Incorrect Privilege Assignment
- CWE-269: Improper Privilege Management
- CWE-270: Privilege Context Switching Error
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14819 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2019-14819 | 2019-09-23 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1746238 | 2019-09-23 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 3.10 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.10" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 3.11 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.11" | - |
Affected
|