Garbage Collection Vulnerability in Atomic-OpenShift by Red Hat
CVE-2019-3884

3.6LOW

Key Information:

Vendor: Red Hat
Status: Atomic-openshift
Vendor: CVE Published:; 1 August 2019

Summary

A vulnerability in the garbage collection mechanism of Atomic-OpenShift allows an attacker to spoof the UUID of a valid object from a different namespace. This exploit enables unauthorized deletion of child objects associated with those valid objects. The flaw affects multiple versions, which may expose systems to potential data manipulation or loss.

Affected Version(s)

atomic-openshift 3.6, 3.7, 3.8, 3.9, 3.10, 3.11, 4.1

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884

x_refsource_CONFIRM

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 1, 2019
Vulnerability Reserved
Jan 3, 2019