exploitDog
CVE-2019-10225

Published: 19 Aug 2019
Source: redhat
CVSS3: 5
EPSS: Low

Description

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey and use it to authenticate to the GlusterFS REST service, gaining access to read and modify files.


Mitigation

Use of the restuserkey parameter in the GlusterFS StorageClass is deprecated upstream [1] and will be removed in a future release. To mitigate this vulnerability, store the Gluster REST service password in a Secret and reference it from the StorageClass with the secretName and secretNamespace parameters instead.

[1] https://kubernetes.io/docs/concepts/storage/storage-classes/#glusterfs
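The following StorageClass manifests illustrate the mitigation above: the weak form with the REST password inline, beside the corrected form that moves the password into a Secret of type kubernetes.io/glusterfs and references it by name and namespace. This is an added example, not a manifest from the exploitDog page or from Red Hat; the names (gluster-storage, heketi-secret, the resturl host and the placeholder password) are constructed.

```yaml
# Added example, not from the exploitDog page or the Red Hat advisory.
# Object names, the resturl host and the password value are constructed placeholders.

# WEAK: the REST password is an inline StorageClass parameter. Anyone
# permitted to read StorageClass objects (the basic-user role in the
# affected releases) can read it back with a plain "get storageclass".
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gluster-storage-weak
provisioner: kubernetes.io/glusterfs
parameters:
  resturl: "http://heketi.example.internal:8080"
  restuser: "admin"
  restuserkey: "REPLACE_WITH_REAL_KEY"   # exposed to every StorageClass reader
---
# CORRECTED: the password lives in a Secret (data key "key"), which is
# governed by the Secret's own RBAC, not by who may list StorageClasses.
apiVersion: v1
kind: Secret
metadata:
  name: heketi-secret
  namespace: default
type: kubernetes.io/glusterfs
stringData:
  key: "REPLACE_WITH_REAL_KEY"           # placeholder; set the real REST password here
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: gluster-storage
provisioner: kubernetes.io/glusterfs
parameters:
  resturl: "http://heketi.example.internal:8080"
  restuser: "admin"
  secretName: "heketi-secret"             # reference only; no password in the StorageClass
  secretNamespace: "default"
```

When migrating an existing StorageClass, treat the old restuserkey value as already disclosed: rotate the Gluster REST password and put only the new value into the Secret, and confirm with `kubectl auth can-i get secrets --namespace default --as=<basic user>` that ordinary users cannot read the namespace holding it.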

Affected packages

Platform                                   Package           State         Advisory   Release
Red Hat OpenShift Container Platform 3.11  atomic-openshift  Will not fix
Red Hat OpenShift Container Platform 4     openshift         Will not fix


Additional information

Severity: Moderate
Weakness: CWE-522
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1743073
atomic-openshift: The basic-user RBAC role allows leaking of GlusterFS StorageClass restuserkey value

EPSS: 0.00147 (percentile 35%, Low)
CVSS3: 5 Medium

Related vulnerabilities

nvd, CVSS3: 6.3, almost 5 years ago (same description as above)

github, over 3 years ago (same description as above)
