CVE-2019-3818
Summary
| CVE | CVE-2019-3818 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-05 17:29:00 UTC |
| Updated | 2021-05-21 14:42:00 UTC |
| Description | The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption. |
Risk And Classification
Problem Types: CWE-327
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kube-rbac-proxy Project | Kube-rbac-proxy | All | All | All | All |
| Application | Kubernetes | Kube-rbac-proxy | All | All | All | All |
| Application | Redhat | Openshift Container Platform | 3.11 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | CONFIRM | access.redhat.com | Vendor Advisory |
| Kube-rbac-proxy CVE-2019-3818 Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| 1668961 – (CVE-2019-3818) CVE-2019-3818 kube-rbac-proxy: Improper application of config allows for insecure ciphers and TLS 1.0 | CONFIRM | bugzilla.redhat.com | Issue Tracking, Patch, Vendor Advisory |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.