CVE-2019-10165

Опубликовано: 30 июл. 2019

Источник: nvd

CVSS3: 2.3

CVSS2: 2.1

EPSS Низкий

Описание

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.

Ссылки

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10165
Issue Tracking
Patch
Vendor Advisory
https://github.com/openshift/cluster-kube-apiserver-operator/pull/499/
Patch
Third Party Advisory
https://github.com/openshift/cluster-openshift-apiserver-operator/pull/205
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10165
Issue Tracking
Patch
Vendor Advisory
https://github.com/openshift/cluster-kube-apiserver-operator/pull/499/
Patch
Third Party Advisory
https://github.com/openshift/cluster-openshift-apiserver-operator/pull/205
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*

Версия до 4.1.3 (исключая)

EPSS

Процентиль: 19%

0.00059

Низкий

2.3 Low

CVSS3

2.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-532

Связанные уязвимости

CVE-2019-10165

CVSS3: 2.3

redhat

около 6 лет назад

GHSA-252g-gw8q-x2cc

github

около 3 лет назад

EPSS

Процентиль: 19%

0.00059

Низкий

2.3 Low

CVSS3

2.3 Low

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-532