CVE-2019-10213

Published: Nov 25, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.

Affected (2)

Products: Redhat: Openshift Container Platform

1 product

Openshift Container Platform

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	Version 4.1
Redhat Openshift Container Platform	Version 4.2

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 7.0

Related CWEs

Improper Output Neutralization for Logs

The product does not neutralize or incorrectly neutralizes output that is written to logs.

Insertion of Sensitive Information into Log File

Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.

References (6)

https://access.redhat.com/errata/RHSA-2019:4082

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:4088

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10213

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

https://access.redhat.com/errata/RHSA-2019:4082

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/errata/RHSA-2019:4088

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10213

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

Timeline

No history available yet.