PT-2021-9021 · Red Hat · Red Hat OpenShift
Joseph Lamagna-Reiter · Published 2021-03-24 · Updated 2021-03-29
CVE-2019-19350
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Red Hat OpenShift versions 3.11 and 4
Description
A flaw was discovered in the openshift/ansible-service-broker, allowing an attacker with access to the container to modify the /etc/passwd file and potentially escalate their privileges.
Recommendations
For Red Hat OpenShift version 3.11, update the openshift/ansible-service-broker to a version that fixes this issue.
For Red Hat OpenShift version 4, update the openshift/ansible-service-broker to a version that fixes this issue.
Weakness Enumeration
Incorrect Privilege Assignment
Affected Products
Red Hat OpenShift
Openshift/Ansible-Service-Broker