CVE-2019-19335
4.4
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
During installation of an OpenShift 4 cluster, the openshift-install command line tool creates an auth directory, with kubeconfig and kubeadmin-password files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | openshift/installer | ose-installer as shipped in Openshift 4.2 | affected |
Weaknesses
- CWE-732: CWE-732
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.