OpenCVE

OpenShift Container Platform, versions 4.1 and 4.2, does not sanitize secret data written to pod logs when the log level in a given operator is set to Debug or higher. A low privileged user could read pod logs to discover secret material if the log level has already been modified in an operator by a privileged user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Openshift Openshift Container Platform

Configuration 1 [-]

AND

OR	cpe:2.3:a:redhat:openshift_container_platform:4.1:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.2:::::::*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.1
openshift4/ose-console-operator:v4.1.16-201909100604	cpe:/a:redhat:openshift:4.1::el7	RHSA-2019:2791	2019-09-17T00:00:00Z
openshift4/ose-cluster-authentication-operator:v4.1.26-201911260202	cpe:/a:redhat:openshift:4.1::el7	RHSA-2019:4082	2019-12-04T00:00:00Z
openshift4/ose-cluster-config-operator:v4.1.26-201911260202	cpe:/a:redhat:openshift:4.1::el7	RHSA-2019:4082	2019-12-04T00:00:00Z
openshift4/ose-cluster-kube-apiserver-operator:v4.1.26-201911260202	cpe:/a:redhat:openshift:4.1::el7	RHSA-2019:4082	2019-12-04T00:00:00Z
openshift4/ose-cluster-openshift-apiserver-operator:v4.1.27-201912030019	cpe:/a:redhat:openshift:4.1::el7	RHSA-2019:4088	2019-12-17T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2019:4082
https://access.redhat.com/errata/RHSA-2019:4088
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10213
https://nvd.nist.gov/vuln/detail/CVE-2019-10213
https://www.cve.org/CVERecord?id=CVE-2019-10213

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2019-11-25T14:21:21

Updated: 2024-08-04T22:17:18.898Z

Reserved: 2019-03-27T00:00:00

Link: CVE-2019-10213

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-11-25T15:15:27.557

Modified: 2024-11-21T04:18:40.133

Link: CVE-2019-10213

Redhat

Severity : Moderate

Publid Date: 2019-07-12T00:00:00Z

Links: CVE-2019-10213 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object