CVE-2019-10200

A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1730161 Issue Tracking Mitigation Patch Third Party Advisory
https://github.com/openshift/cluster-kube-apiserver-operator/pull/524 Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:openshift_container_platform:4.0:*:*:*:*:*:*:*

Information

Published : 2021-03-19 14:15

Updated : 2021-03-26 10:34


NVD link : CVE-2019-10200

Mitre link : CVE-2019-10200


JSON object : View

CWE
CWE-284

Improper Access Control

Advertisement

dedicated server usa

Products Affected

redhat

  • openshift_container_platform