{"containers": {"cna": {"affected": [{"product": "atomic-openshift", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-290", "description": "CWE-290", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-01T13:20:50", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T19:19:18.666Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-3884", "datePublished": "2019-08-01T13:20:50", "dateReserved": "2019-01-03T00:00:00", "dateUpdated": "2024-08-04T19:19:18.666Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:3.6:*:*:*:*:*:*:*", "matchCriteriaId": "A52F7AE1-754D-4EE1-8EC1-7765292B4C2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.7:*:*:*:*:*:*:*", "matchCriteriaId": "55349BC5-90EC-4954-8CEB-3C37D34742C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.8:*:*:*:*:*:*:*", "matchCriteriaId": "2AA943DD-23CD-48FD-A33B-9E4DC7AE9D80", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.9:*:*:*:*:*:*:*", "matchCriteriaId": "28C5BBDA-B4F3-40A2-9F0A-75CF4C276769", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.10:*:*:*:*:*:*:*", "matchCriteriaId": "6684D268-7B46-4672-8C9B-8719F2DC701F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "64797939-6676-40DC-A81A-3FD0C45A8047", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C19A2957-C915-4376-A4B5-87F4039BFD93", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected."}, {"lang": "es", "value": "Se presenta una vulnerabilidad en el mecanismo garbage collection de atomic-openshift. Un atacante capaz de suplantar el UUID de un objeto v\u00e1lido de otro espacio de nombres es capaz de eliminar elementos secundarios de esos objetos. Versiones 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 y 4.1 est\u00e1n afectadas."}], "id": "CVE-2019-3884", "lastModified": "2023-03-03T16:52:37.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.6, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 2.5, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-01T14:15:13.190", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-290"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "This issue was discovered by Jessica Forrester (Red Hat).", "affected_release": [{"advisory": "RHSA-2020:5634", "cpe": "cpe:/a:redhat:openshift:4.7::el7", "package": "openshift-0:4.7.0-202102060108.p0.git.97095.7271b90.el7", "product_name": "Red Hat OpenShift Container Platform 4.7", "release_date": "2021-02-24T00:00:00Z"}], "bugzilla": {"description": "atomic-openshift: cross-namespace owner references can trigger deletions of valid children", "id": "1693905", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1693905"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.6", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "status": "verified"}, "cwe": "CWE-290", "details": ["A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.", "A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects."], "name": "CVE-2019-3884", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.10", "fix_state": "Fix deferred", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.10"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.4", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.4"}, {"cpe": "cpe:/a:redhat:openshift:3.5", "fix_state": "Not affected", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.5"}, {"cpe": "cpe:/a:redhat:openshift:3.6", "fix_state": "Out of support scope", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.6"}, {"cpe": "cpe:/a:redhat:openshift:3.7", "fix_state": "Out of support scope", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.7"}, {"cpe": "cpe:/a:redhat:openshift:3.9", "fix_state": "Will not fix", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.9"}], "public_date": "2019-03-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-3884\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3884"], "threat_severity": "Low"}