CVE-2019-10225

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RABC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey, and use it to authenticate to the GlusterFS REST service, gaining access to read, and modify files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
VendorProductVersion
redhatopenshift
4.2
redhatopenshift_container_platform
3.11
redhatopenshift_container_platform
4.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1743073
https://bugzilla.redhat.com/show_bug.cgi?id=1743073