Vulnerability Name: CVE-2019-10200 (CCN-198889)
Assigned: 2019-03-27
Published: 2021-03-19
Updated: 2021-03-26
Summary: A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high.
CVSS v3 Severity:
    7.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
    6.3 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
    6.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
CVSS v2 Severity:
    9.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Vulnerability Type: CWE-284
Vulnerability Consequences: Obtain Information
References:
    - Source: MITRE, Type: CNA: CVE-2019-10200
    - Source: CCN, Type: Red Hat Bugzilla: Bug 1730161 (CVE-2019-10200) - CVE-2019-10200 openshift: Users with permission to schedule pods on master nodes can access credentials for AWS IAM roles
    - Source: XF, Type: UNKNOWN: openshift-cve201910200-info-disc(198889)
    - Source: CCN, Type: cluster-kube-apiserver-operator GIT Repository: Bug 1729242: OCP 4 AWS privilege escalation vulnerability by running pods on masters #524