CVE-2019-3779
Summary
| CVE | CVE-2019-3779 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-03-08 16:29:00 UTC |
| Updated | 2019-10-09 23:49:00 UTC |
| Description | Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cloudfoundry | Container Runtime | All | All | All | All |
| Application | Cloudfoundry | Container Runtime | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2019-3779: Cloud Foundry Container Runtime allows a user to bypass security policy when talking to ETCD | Cloud Foundry | CONFIRM | www.cloudfoundry.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.