CVE-2019-3884

{"id": "CVE-2019-3884", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 1.0}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2019-08-01T14:15:13.190", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-290"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected."}, {"lang": "es", "value": "Se presenta una vulnerabilidad en el mecanismo garbage collection de atomic-openshift. Un atacante capaz de suplantar el UUID de un objeto v\u00e1lido de otro espacio de nombres es capaz de eliminar elementos secundarios de esos objetos. Versiones 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 y 4.1 est\u00e1n afectadas."}], "lastModified": "2023-03-03T16:52:37.823", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A52F7AE1-754D-4EE1-8EC1-7765292B4C2D"}, {"criteria": "cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55349BC5-90EC-4954-8CEB-3C37D34742C4"}, {"criteria": "cpe:2.3:a:redhat:openshift:3.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AA943DD-23CD-48FD-A33B-9E4DC7AE9D80"}, {"criteria": "cpe:2.3:a:redhat:openshift:3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "28C5BBDA-B4F3-40A2-9F0A-75CF4C276769"}, {"criteria": "cpe:2.3:a:redhat:openshift:3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6684D268-7B46-4672-8C9B-8719F2DC701F"}, {"criteria": "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64797939-6676-40DC-A81A-3FD0C45A8047"}, {"criteria": "cpe:2.3:a:redhat:openshift:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C19A2957-C915-4376-A4B5-87F4039BFD93"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}