CVE-2019-10165
Last modified
CVE-2019-10165 is a low-severity vulnerability rated 2.3/10 on the CVSS scale. OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.
Metrics
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Container Platform | < 4.1.3 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10165Issue Tracking, Patch, Vendor Advisory
- https://github.com/openshift/cluster-kube-apiserver-operator/pull/499/Patch, Third Party Advisory
- https://github.com/openshift/cluster-openshift-apiserver-operator/pull/205Patch, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10165Issue Tracking, Patch, Vendor Advisory
- https://github.com/openshift/cluster-kube-apiserver-operator/pull/499/Patch, Third Party Advisory
- https://github.com/openshift/cluster-openshift-apiserver-operator/pull/205Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-10165?
How severe is CVE-2019-10165?
How do I fix CVE-2019-10165?
Are you affected by CVE-2019-10165?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST