← Volver a CVEs
CVE-2019-10225
MEDIUM6.3
Descripcion
A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.
Detalles CVE
Puntuacion CVSS v3.16.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado3/19/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
redhat:openshiftredhat:openshift_container_platform
Debilidades (CWE)
CWE-522
Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=1743073(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1743073(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.