CVE-2019-10225

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.

Published: Mar 19, 2021
Updated: Apr 13, 2023
CVE: CVE-2019-10225
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-522

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
redhat / openshift_container_platform	3.11	3.11.x
redhat / openshift	4.2	4.2.x
redhat / openshift_container_platform	4.0	4.0.x

https://bugzilla.redhat.com/show_bug.cgi?id=1743073

Vulnerability Database

289,697

CVE-2019-10225