PT-2020-9605 · Red Hat · OpenShift Container Platform
Jason Shepherd · Published 2020-01-07 · Updated 2023-02-12
CVE-2019-14819 · CVSS v3.1 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
OpenShift Container Platform versions 3.x
Description
A flaw was discovered in the upgrade process of OpenShift Container Platform, specifically when CRI-O is used. The issue allows an unprivileged user to escalate their privileges to those granted by the privileged Security Context Constraints (SCC), because the dockergc service account is assigned to the current namespace of the user performing the upgrade.
Recommendations
For OpenShift Container Platform versions 3.x, consider restricting the privileges assigned to the dockergc service account during the upgrade process to prevent unauthorized privilege escalation. As a temporary workaround, limit the use of CRI-O during upgrades until a more permanent solution is available.
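To check a 3.x cluster for the condition described above, the following added example (not code from Red Hat, OpenShift or this advisory) parses the output of `oc get scc privileged -o json` and reports every service account granted the privileged SCC from outside a set of trusted namespaces; the sample JSON and the trusted-namespace list are constructed assumptions, not data from a real cluster.

```python
import json

# Constructed sample of what `oc get scc privileged -o json` could return on an
# affected 3.x cluster (hypothetical data, not captured from a real system).
SAMPLE_SCC_JSON = """
{
  "kind": "SecurityContextConstraints",
  "metadata": {"name": "privileged"},
  "users": [
    "system:admin",
    "system:serviceaccount:openshift-infra:build-controller",
    "system:serviceaccount:myproject:dockergc"
  ],
  "groups": ["system:cluster-admins", "system:nodes"]
}
"""

# Namespaces where a privileged service account is expected on a 3.x cluster.
# Assumption for this example; adjust to the cluster's own baseline.
TRUSTED_NAMESPACES = {"default", "kube-system", "openshift",
                      "openshift-infra", "openshift-node"}


def parse_service_account(user):
    """Split 'system:serviceaccount:<ns>:<name>' into (ns, name); None for other users."""
    parts = user.split(":")
    if len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]:
        return parts[2], parts[3]
    return None


def find_misplaced_service_accounts(scc_json, trusted=TRUSTED_NAMESPACES):
    """Return (namespace, name) for each service account in the SCC's users list
    whose namespace is not trusted. A 'dockergc' account inside a user's own
    project is the condition CVE-2019-14819 describes."""
    scc = json.loads(scc_json)
    findings = []
    for user in scc.get("users", []):
        sa = parse_service_account(user)
        if sa and sa[0] not in trusted:
            findings.append(sa)
    return findings


if __name__ == "__main__":
    for ns, name in find_misplaced_service_accounts(SAMPLE_SCC_JSON):
        print(f"privileged SCC granted to service account '{name}' in namespace '{ns}'")
```

On a live cluster, pipe the real `oc get scc privileged -o json` output into `find_misplaced_service_accounts` and review each finding against the namespaces the upgrade playbook is expected to use.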
Weakness Types
Improper Privilege Management
Incorrect Privilege Assignment
Affected Products
OpenShift Container Platform