Red Hat · Openshift Container Platform · CVE-2019-10225
**Name of the Vulnerable Software and Affected Versions**
openshift-4.2
**Description**
A flaw was found in atomic-openshift where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the `restuserkey`. An attacker with basic-user permissions is able to obtain the value of `restuserkey`, and use it to authenticate to the GlusterFS REST service, gaining access to read and modify files.
**Recommendations**
For openshift-4.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.