CVE-2019-14819 HIGH

Vendor Red Hat
Product openshift-ansible
Weakness CWE-266
Published January 7, 2020
Last update August 5, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

Key dates

02 Disclosure timeline

January 7, 2020 CVE published
August 5, 2024 Record updated