CVE-2019-3884

Summary

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.

Affected Software

VendorProductVersion RangeStatus
Red Hatatomic-openshift3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1affected

Weaknesses

  • CWE-290: CWE-290

ADP Enrichment

CVE Program Container

Additional References

References