CVE-2019-3779

HIGH

Cloud Foundry Container Runtime < 0.29.0 - Privilege Escalation via Kubernetes CSR Certificate Authority

Title source: llm

Description

Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters that use the same CA (Certificate Authority) to sign and trust certs for ETCD as is used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate through the Kubernetes CSR capability and so obtain a credential that could escalate privilege access to ETCD.

References (1)

Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2019-3779

Scores

CVSS v3 8.8
EPSS 0.0067
EPSS Percentile 47.3%
Attack Vector ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-264 CWE-284
Status published
Products (1)
cloudfoundry/container_runtime < 0.29.0
Published Mar 08, 2019
Tracked Since Feb 18, 2026