CVE-2019-3779
HIGH
Cloud Foundry Container Runtime < 0.29.0 - Privilege Escalation via Kubernetes CSR Certificate Authority
Title source: llm
Description
Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters that use the same CA (Certificate Authority) to sign and trust certs for ETCD as is used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate through the Kubernetes CSR capability and obtain a credential that could escalate privilege access to ETCD.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.cloudfoundry.org/blog/cve-2019-3779
Scores
CVSS v3
8.8
EPSS
0.0067
EPSS Percentile
47.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-264
CWE-284
Status
published
Products (1)
cloudfoundry/container_runtime
< 0.29.0
Published
Mar 08, 2019
Tracked Since
Feb 18, 2026