CVE-2019-10225

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1743073	Issue Tracking Mitigation Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:openshift:4.2:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::*

History

26 Mar 2021, 17:42

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
CPE		cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 6.5 v3 : 6.3
References	~~(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 -~~	(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1743073 - Issue Tracking, Mitigation, Third Party Advisory

20 Mar 2021, 01:20

Type	Values Removed	Values Added
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown
CPE	cpe:2.3:a:redhat:openshift_container_platform:4.0:::::::* cpe:2.3:a:redhat:openshift:4.2:::::::* cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
CVSS	v2 : ~~6.5~~ v3 : ~~6.3~~	v2 : unknown v3 : unknown

19 Mar 2021, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-03-19 21:15

Updated : 2023-12-10 13:41

NVD link : CVE-2019-10225

Mitre link : CVE-2019-10225

CVE.ORG link : CVE-2019-10225

JSON object : View

Products Affected

redhat

openshift
openshift_container_platform

CWE

CWE-522

Insufficiently Protected Credentials

6.3 /10