CVE-2019-3682

HIGH

Suse Caas Platform - Exposure to Wrong Actor

Title source: rule

Description

The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1_ce-7.6.1 provided access to an insecure API locally on the Kubernetes master node.

References (1)

Scores

CVSS v3 8.4
EPSS 0.0014
EPSS Percentile 33.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-668
Status published

Affected Products (1)

suse/caas_platform

Timeline

Published Jan 17, 2020
Tracked Since Feb 18, 2026