CVE-2019-10200
First published: Tue Jul 16 2019(Updated: )
A flaw was discovered in OpenShift Container Platform 4 where, by default, users with access to create pods also have the ability to schedule workloads on master nodes. Pods with permission to access the host network, running on master nodes, can retrieve security credentials for the master AWS IAM role, allowing management access to AWS resources. With access to the security credentials, the user then has access to the entire infrastructure. Impact to data and system availability is high.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Openshift Container Platform | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1729242
- https://github.com/openshift/cluster-kube-apiserver-operator/pull/524
- https://docs.openshift.com/container-platform/4.1/authentication/managing-security-context-constraints.html
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1730161#c5
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance
- https://docs.openshift.com/container-platform/4.4/authentication/managing-security-context-constraints.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1730161
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2019-10200
- vendor/redhat
- canonical/redhat openshift container platform
- version/redhat openshift container platform/4.0