CVE-2019-3779: Cloud Foundry Container Runtime allows a user to bypass security policy when talking to ETCD
First published: Fri Mar 08 2019(Updated: )
Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD.
Credit: security_alert@emc.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cloudfoundry Container Runtime | <0.29.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-3779?
CVE-2019-3779 is a vulnerability in Cloud Foundry Container Runtime that allows a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes API.
What is the severity of CVE-2019-3779?
CVE-2019-3779 has a severity rating of 8.8 (high).
Which software versions are affected by CVE-2019-3779?
Cloud Foundry Container Runtime versions prior to 0.29.0 are affected by CVE-2019-3779.
How can I fix CVE-2019-3779?
To fix CVE-2019-3779, update Cloud Foundry Container Runtime to version 0.29.0 or later.
Where can I find more information about CVE-2019-3779?
You can find more information about CVE-2019-3779 at the following link: [Cloud Foundry Blog](https://www.cloudfoundry.org/blog/cve-2019-3779).
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/title
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/cloudfoundry
- canonical/cloudfoundry container runtime