Lucene search
GoogleOSV:CVE-2019-19335HistoryMar 18, 2020 - 4:15 p.m.
CVE-2019-19335
2020-03-1816:15:11
Google
osv.dev
3
During installation of an OpenShift 4 cluster, the openshift-install command line tool creates an auth directory, with kubeconfig and kubeadmin-password files. Both files contain credentials used to authenticate to the OpenShift API server, and are incorrectly assigned word-readable permissions. ose-installer as shipped in Openshift 4.2 is vulnerable.
| CPE | Name | Operator | Version |
|---|---|---|---|
| origin | eq | 1.4.0-alpha.0 | |
| origin | eq | 1.1 | |
| origin | eq | 1.3.0 | |
| origin | eq | 1.1.3 | |
| origin | eq | 1.2.0 | |
| origin | eq | 1.3.0-rc1 | |
| origin | eq | 1.4.0-alpha.1 | |
| origin | eq | 3.7.0-rc.0 | |
| origin | eq | 3.9.0-alpha.2 | |
| origin | eq | 3.10.0-rc.0 |
Related
cvelist
cvelist
CVE-2019-19335
2020-03-18 15:45:41
redhatcve
redhatcve
CVE-2019-19335
2019-12-09 03:17:55
prion
prion
Design/Logic Flaw
2020-03-18 16:15:00
cve
cve
CVE-2019-19335
2020-03-18 16:15:11
veracode
veracode
Insecure File Permissions
2019-12-19 03:36:13
nvd
nvd
CVE-2019-19335
2020-03-18 16:15:11
