CVE-2019-3818
3.7
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| [UNKNOWN] | kube-rbac-proxy | 0.4.1 | affected |
Weaknesses
- CWE-327: CWE-327
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/security/cve/CVE-2019-3818
- http://www.securityfocus.com/bid/106744
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3818
- https://access.redhat.com/errata/RHBA-2019:0327
References
- https://access.redhat.com/security/cve/CVE-2019-3818
- http://www.securityfocus.com/bid/106744
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3818
- https://access.redhat.com/errata/RHBA-2019:0327
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.