CVE-2019-3884

MEDIUM

OpenShift 3.6-3.11, 4.1 - Authentication Bypass via UUID Spoofing

Title source: llm

Description

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able to spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.

References (1)

Core References
Issue Tracking, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3884

Scores

CVSS v3 5.4
EPSS 0.0011
EPSS Percentile 29.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Details

CWE
CWE-290 CWE-287
Status published
Products (7)
redhat/openshift 3.6
redhat/openshift 3.7
redhat/openshift 3.8
redhat/openshift 3.9
redhat/openshift 3.10
redhat/openshift 3.11
redhat/openshift 4.1
Published Aug 01, 2019
Tracked Since Feb 18, 2026