CVE-2019-10200
Last modified
CVE-2019-10200 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. EPSS estimates a 1.29% chance of exploitation in the next 30 days.
Description
A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Openshift Container Platform | 4.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1730161Issue Tracking, Mitigation, Patch, Third Party Advisory
- https://github.com/openshift/cluster-kube-apiserver-operator/pull/524Patch, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1730161Issue Tracking, Mitigation, Patch, Third Party Advisory
- https://github.com/openshift/cluster-kube-apiserver-operator/pull/524Patch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-10200?
How severe is CVE-2019-10200?
How do I fix CVE-2019-10200?
Are you affected by CVE-2019-10200?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST