CVE-2019-3818

Published: Feb 5, 2019Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.

Affected (2)

Products: Kube Rbac Proxy Project: Kube Rbac Proxy · Redhat: Openshift Container Platform

Kube Rbac Proxy Project

1 product

Kube Rbac Proxy

1 product

Openshift Container Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Kube Rbac Proxy Project Kube Rbac Proxy	Before 0.4.1
Redhat Openshift Container Platform	Version 3.11

Related CWEs

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (8)

http://www.securityfocus.com/bid/106744

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2019:0327

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2019-3818

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3818

Source: secalert@redhat.com

Issue TrackingPatchVendor Advisory

http://www.securityfocus.com/bid/106744

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHBA-2019:0327

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://access.redhat.com/security/cve/CVE-2019-3818

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3818

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchVendor Advisory

Timeline

No history available yet.