← Back

CVE-2019-3779

nvd nist
Published: Mar 8, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD.

Affected (1)

Cloudfoundry
1 product
Container Runtime
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Container Runtime
Before 0.29.0

Related CWEs

CWE-264
CWE-264
CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

Source: security_alert@emc.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.