CVE-2019-10213

Опубликовано: 25 нояб. 2019

Источник: nvd

CVSS3: 5.3

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.

Ссылки

https://access.redhat.com/errata/RHSA-2019:4082
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4088
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10213
Issue Tracking
Patch
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4082
Vendor Advisory
https://access.redhat.com/errata/RHSA-2019:4088
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10213
Issue Tracking
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*

cpe:2.3:a:redhat:openshift_container_platform:4.2:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00451

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-117

CWE-532

Связанные уязвимости

CVE-2019-10213

CVSS3: 5.3

redhat

больше 6 лет назад

GHSA-m2h6-jxj8-4jqf

CVSS3: 3.5

github

больше 4 лет назад

Sensitive Data Exposure in Openshift Container Platform

EPSS

Процентиль: 63%

0.00451

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-117

CWE-532