CVE-2019-10165 LOW

Vendor Red Hat
Product openshift
Weakness CWE-532 · Sensitive info in logs
Published July 30, 2019
Last update August 4, 2024

CVSS base score

2.3/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

OpenShift Container Platform before version 4.1.3 writes OAuth tokens in plaintext to the audit logs for the Kubernetes API server and OpenShift API server. A user with sufficient privileges could recover OAuth tokens from these audit logs and use them to access other resources.

Key dates

02 Disclosure timeline

July 30, 2019 CVE published
August 4, 2024 Record updated