CVE Vulnerabilities

CVE-2019-14819

Incorrect Privilege Assignment

Published: Jan 07, 2020 | Modified: Feb 12, 2023
CVSS 3.x: 8.8 HIGH (Source: NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x: 6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P

RedHat/V2

RedHat/V3: 7.5 IMPORTANT
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Ubuntu

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. When CRI-O is in use, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Affected Software

Name | Vendor | Start Version | End Version
Openshift_container_platform | Redhat | 3.10 (including) | 3.10 (including)
Openshift_container_platform | Redhat | 3.11 (including) | 3.11 (including)
Red Hat OpenShift Container Platform 3.11 | RedHat | openshift-ansible-0:3.11.146-1.git.0.fcedb45.el7 | *
