HIGH🇬🇧 English

CVE-2019-3779

CVSS 8.8v3.0pub. 2019-03-08upd. 2024-11-21

Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD.

oryginał EN
CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cloudfoundry Container Runtime

    APP
    Cloudfoundry
    < 0.29.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Container
CWE
Referencje

Powiązane podatności

CVE-2019-3780HIGH8.8ten sam produkt

Cloud Foundry Container Runtime, versions prior to 0.28.0, deploys K8s worker nodes that contains a configurat...

CVE-2022-31733CRITICAL9.1ten sam vendor

Starting with diego-release 2.55.0 and up to 2.69.0, and starting with CF Deployment 17.1 and up to 23.2.0, ap...

CVE-2018-25046CRITICAL9.1ten sam vendor

Due to improper path sanitization, archives containing relative file paths can cause files to be written (or o...

CVE-2019-3801CRITICAL9.8ten sam vendor

Cloud Foundry cf-deployment, versions prior to 7.9.0, contain java components that are using an insecure proto...

CVE-2016-6658CRITICAL9.6ten sam vendor

Applications in cf-release before 245 can be configured and pushed with a user-provided custom buildpack using...