CVE-2019-3779

Name of the Vulnerable Software and Affected Versions Cloud Foundry Container Runtime versions prior to 0.29.0

Description The issue concerns the deployment of Kubernetes clusters where the same Certificate Authority (CA) is used to sign and trust certificates for ETCD as well as the Kubernetes API. This could potentially allow an authenticated user to exploit the Kubernetes Certificate Signing Request (CSR) capability to obtain a signed certificate, which could then be used to escalate privilege access to ETCD.

Recommendations For Cloud Foundry Container Runtime versions prior to 0.29.0, update to version 0.29.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Kubernetes CSR capability to minimize the risk of exploitation.