CVE-2019-14819 Vulnerability Details

  /     /     /  

CVE-2019-14819 Metadata Quick Info

CVE Published: 07/01/2020 | CVE Updated: 05/08/2024 | CVE Year: 2019
Source: redhat | Vendor: [Red Hat] | Product: openshift-ansible
Status : PUBLISHED

---

CVE-2019-14819 Description

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-266
CWE Name: CWE-266
Source: [Red Hat]

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).