vulnerability

Kubernetes: CVE-2019-3818: Traffic sent over a TLS connection with a weak configuration could potentially break the encryption

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Feb 5, 2019	May 14, 2019	Nov 27, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Feb 5, 2019

Added

May 14, 2019

Modified

Nov 27, 2024

Description

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.

Solution

kubernetes-upgrade-0_4_0

References

CVE-2019-3818
https://attackerkb.com/topics/CVE-2019-3818
URL-https://nvd.nist.gov/vuln/detail/CVE-2019-3818

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today