CVE-2019-10213Improper Output Neutralization for Logs in RED HAT Openshift

CWE-117Improper Output Neutralization for LogsCWE-532Log File Information Exposure6 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.4%
top 37.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RED HAT OpenshiftRedhat Openshift Container Platform
Timeline
PublishedNov 25
Latest updateMay 17

Description

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

CVEListV5red_hat/openshiftversions Red Hat OpenShift 4.1 and Red Hat OpenShift 4.2

Also affects: Openshift Container Platform 4.1, 4.2

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

2
GHSA
Sensitive Data Exposure in Openshift Container Platform2021-05-17
CVEList
CVE-2019-10213: OpenShift Container Platform, versions 42019-11-25

📋Vendor Advisories

1
Red Hat
openshift: Secret data written to pod logs when operator set at Debug level or higher2019-07-12

💬Community

2
Bugzilla
CVE-2019-14854 library-go: Secret data written to static pod logs when operator set at Debug level or higher2019-10-07
Bugzilla
CVE-2019-10213 openshift: Secret data written to pod logs when operator set at Debug level or higher2019-07-31
CVE-2019-10213 — RED HAT Openshift vulnerability | cvebase