CVE-2019-14819

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

Published: Jan 7, 2020
Updated: Apr 13, 2023
CVE: CVE-2019-14819
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-266
CWE-269
CWE-270

Affected Software
References

Software	From	Fixed in
redhat / openshift_container_platform	3.11	3.11.x
redhat / openshift_container_platform	3.10	3.10.x

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14819

Vulnerability Database

289,599

CVE-2019-14819