cnvd - cnvd-2019-44549

CNVD-2019-44549

Vulnerability from cnvd - Published: 2019-12-10

Title

Red Hat OpenShift Container Platform权限提升漏洞

Description

Red Hat OpenShift Container Platform是美国红帽（Red Hat）公司的一套可帮助企业在物理、虚拟和公共云基础架构之间开发、部署和管理现有基于容器的应用程序的应用平台。 Red Hat OpenShift Container Platform存在权限提升漏洞，攻击者可利用该漏洞在受影响的系统上下文中获得更高的特权。

Severity

高

Patch Name

Red Hat OpenShift Container Platform权限提升漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/openshift/openshift-ansible/pull/11860

Reference

https://access.redhat.com/errata/RHSA-2019:2818 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14819 https://packetstormsecurity.com/files/154577/Red-Hat-Security-Advisory-2019-2818-01.html

Impacted products

Name
Red Hat OpenShift Container Platform

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-14819",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-14819"
    }
  },
  "description": "Red Hat OpenShift Container Platform\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957\u53ef\u5e2e\u52a9\u4f01\u4e1a\u5728\u7269\u7406\u3001\u865a\u62df\u548c\u516c\u5171\u4e91\u57fa\u7840\u67b6\u6784\u4e4b\u95f4\u5f00\u53d1\u3001\u90e8\u7f72\u548c\u7ba1\u7406\u73b0\u6709\u57fa\u4e8e\u5bb9\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5e94\u7528\u5e73\u53f0\u3002\n\nRed Hat OpenShift Container Platform\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u4e0b\u6587\u4e2d\u83b7\u5f97\u66f4\u9ad8\u7684\u7279\u6743\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/openshift/openshift-ansible/pull/11860",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-44549",
  "openTime": "2019-12-10",
  "patchDescription": "Red Hat OpenShift Container Platform\u662f\u7f8e\u56fd\u7ea2\u5e3d\uff08Red Hat\uff09\u516c\u53f8\u7684\u4e00\u5957\u53ef\u5e2e\u52a9\u4f01\u4e1a\u5728\u7269\u7406\u3001\u865a\u62df\u548c\u516c\u5171\u4e91\u57fa\u7840\u67b6\u6784\u4e4b\u95f4\u5f00\u53d1\u3001\u90e8\u7f72\u548c\u7ba1\u7406\u73b0\u6709\u57fa\u4e8e\u5bb9\u5668\u7684\u5e94\u7528\u7a0b\u5e8f\u7684\u5e94\u7528\u5e73\u53f0\u3002\r\n\r\nRed Hat OpenShift Container Platform\u5b58\u5728\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u53d7\u5f71\u54cd\u7684\u7cfb\u7edf\u4e0a\u4e0b\u6587\u4e2d\u83b7\u5f97\u66f4\u9ad8\u7684\u7279\u6743\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Red Hat OpenShift Container Platform\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Red Hat OpenShift Container Platform"
  },
  "referenceLink": "https://access.redhat.com/errata/RHSA-2019:2818 \r\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14819\r\nhttps://packetstormsecurity.com/files/154577/Red-Hat-Security-Advisory-2019-2818-01.html",
  "serverity": "\u9ad8",
  "submitTime": "2019-09-27",
  "title": "Red Hat OpenShift Container Platform\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

CVE-2019-14819 (GCVE-0-2019-14819)

Vulnerability from cvelistv5 – Published: 2020-01-07 17:02 – Updated: 2024-08-05 00:26

Summary

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

Severity ?

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

redhat

References

URL

Tags

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…

x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	[Red Hat]	openshift-ansible	Affected: 3.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:26:39.118Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14819"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "openshift-ansible",
          "vendor": "[Red Hat]",
          "versions": [
            {
              "status": "affected",
              "version": "3.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-266",
              "description": "CWE-266",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-270",
              "description": "CWE-270",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-01-07T17:02:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14819"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-14819",
    "datePublished": "2020-01-07T17:02:01",
    "dateReserved": "2019-08-10T00:00:00",
    "dateUpdated": "2024-08-05T00:26:39.118Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-44549

CVE-2019-14819 (GCVE-0-2019-14819)

Tags

Sightings

Nomenclature