PT-2021-8868 · Red Hat · Openshift Container Platform+2

Jason Shepherd +2 · Published 2021-03-19 · Updated 2021-03-26 · CVE-2019-10225

CVSS v2.0: 6.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: openshift-4.2

Description: A flaw was found in atomic-openshift where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read and modify files.

Recommendations: For openshift-4.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
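
An audit for the exposure described above, added here as an example and not taken from the advisory or from Red Hat: it reads StorageClass JSON (such as the output of `oc get storageclass -o json`) and reports which GlusterFS classes carry `restuserkey` inline. The provisioner name `kubernetes.io/glusterfs` and the `secretName`/`secretNamespace` parameters come from the upstream Kubernetes GlusterFS provisioner and are not on this page; the sample data is constructed.

```python
import json

# Constructed sample of `oc get storageclass -o json` output (not from the advisory).
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "gluster-inline"},
     "provisioner": "kubernetes.io/glusterfs",
     "parameters": {"resturl": "http://heketi.example:8080",
                    "restuser": "admin", "restuserkey": "CONSTRUCTED-KEY"}},
    {"metadata": {"name": "gluster-secret"},
     "provisioner": "kubernetes.io/glusterfs",
     "parameters": {"resturl": "http://heketi.example:8080",
                    "restuser": "admin",
                    "secretName": "heketi-secret",
                    "secretNamespace": "glusterfs"}},
    {"metadata": {"name": "gp2"},
     "provisioner": "kubernetes.io/aws-ebs", "parameters": {"type": "gp2"}},
]})

# Assumption: upstream in-tree GlusterFS provisioner name (not stated on the page).
GLUSTER = "kubernetes.io/glusterfs"


def audit_storageclasses(raw):
    """Return (name, status) per GlusterFS StorageClass; the key is never echoed."""
    doc = json.loads(raw)
    # Accept both a List object and a single StorageClass document.
    items = doc.get("items") or [doc]
    findings = []
    for sc in items:
        if sc.get("provisioner") != GLUSTER:
            continue
        params = sc.get("parameters") or {}
        name = sc.get("metadata", {}).get("name", "<unnamed>")
        if params.get("restuserkey"):
            # Key is stored in the StorageClass object itself: the exposure
            # the advisory describes.
            status = "INLINE_KEY"
        elif params.get("secretName") and params.get("secretNamespace"):
            # Key is held in a Secret, so reading it is gated by Secret RBAC.
            status = "SECRET_REF"
        else:
            status = "NO_AUTH_PARAMS"  # neither form present; review manually
        findings.append((name, status))
    return findings


if __name__ == "__main__":
    for name, status in audit_storageclasses(SAMPLE):
        print(f"{name}: {status}")
```

Any class reported as `INLINE_KEY` should have its key rotated after the parameter is moved into a Secret, since the old value may already have been read.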

Insufficiently Protected Credentials


Weakness Enumeration

Related Identifiers

CVE-2019-10225

Affected Products

Glusterfs
Openshift Container Platform
Atomic-Openshift