vulnerability

Red Hat OpenShift: CVE-2019-14819: openshift-ansible: dockergc service account incorrectly associated with namespace during upgrade

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:P/I:P/A:P)	Oct 8, 2019	Oct 8, 2019	Apr 14, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:P/A:P)

Published

Oct 8, 2019

Added

Oct 8, 2019

Modified

Apr 14, 2025

Description

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

Solution

linuxrpm-upgrade-openshift-ansible

References

CVE-2019-14819
https://attackerkb.com/topics/CVE-2019-14819
REDHAT-RHSA-2019:2818

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today