CVE-2019-14819Incorrect Privilege Assignment in Redhat Openshift Container Platform

CWE-266Incorrect Privilege AssignmentCWE-270Privilege Context Switching ErrorCWE-269Improper Privilege Management5 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.3%
top 50.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Openshift Container Platform
Timeline
PublishedJan 7
Latest updateMay 24

Description

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages0 packages

Also affects: Openshift Container Platform 3.10, 3.11

🔴Vulnerability Details

2
GHSA
GHSA-37jw-xgjq-3fmq: A flaw was found during the upgrade of an existing OpenShift Container Platform 32022-05-24
CVEList
CVE-2019-14819: A flaw was found during the upgrade of an existing OpenShift Container Platform 32020-01-07

📋Vendor Advisories

1
Red Hat
openshift-ansible: dockergc service account incorrectly associated with namespace during upgrade2019-08-24

💬Community

1
Bugzilla
CVE-2019-14819 openshift-ansible: dockergc service account incorrectly associated with namespace during upgrade2019-08-28
CVE-2019-14819 — Incorrect Privilege Assignment | cvebase