CVE-2019-10225

Vendor N/A
Product atomic-openshift
Weakness CWE-522 · Insufficiently protected credentials
Published March 19, 2021
Last update August 4, 2024

What the vulnerability does

01 Description

A flaw was found in atomic-openshift of openshift-4.2 where the basic-user RBAC role in OpenShift Container Platform doesn't sufficiently protect the GlusterFS StorageClass against leaking of the restuserkey. An attacker with basic-user permissions is able to obtain the value of restuserkey and use it to authenticate to the GlusterFS REST service, gaining access to read and modify files.

Key dates

02 Disclosure timeline

March 19, 2021 CVE published
August 4, 2024 Record updated