CVE-2019-3884
Advisory lineage Upstream: 0 Downstream: 1
Downstream
Modified
Published: 01 Aug 2019, 13:20
Last modified:04 Aug 2024, 19:19
Vulnerability Summary
Overall Risk (default)
low
22/100 CVSS Score
5.4 MEDIUM
v3.1 (nvd)
EPSS Score
0.11% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
01 Aug 2019, 13:20
Published
Vulnerability first disclosed
04 Aug 2024, 19:19
Last Modified
Vulnerability information updated
Description
A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
- v3.0•LOW•Score: 3.6CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
- v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS Trends
Current EPSS score: 0.11%• Percentile: 29%
Techniques & Countermeasures
- CWE-287•Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
- CWE-290•Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.
Affected Systems
- red hat•atomic-openshift
3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1
- redhat•openshift
3.6 | 3.7 | 3.8 | 3.9 | 3.10 | 3.11 | 4.1