CVE-2019-3779

Cloud Foundry Container Runtime, versions prior to 0.29.0, deploys Kubernetes clusters utilize the same CA (Certificate Authority) to sign and trust certs for ETCD as used by the Kubernetes API. This could allow a user authenticated with a cluster to request a signed certificate leveraging the Kubernetes CSR capability to obtain a credential that could escalate privilege access to ETCD.

Published : 2019-03-08 16:29 Updated : 2019-10-09 23:49

4.0

CVSS Score More info

Score 4.0 / 10

Access vector NETWORK

A vulnerability exploitable with network access means the vulnerable software is bound to the network stack and the attacker does not require local network access or local access. Such a vulnerability is often termed "remotely exploitable". An example of a network attack is an RPC buffer overflow.

Access complexity LOW

Specialized access conditions or extenuating circumstances do not exist. The following are examples:

The affected product typically requires access to a wide range of systems and users, possibly anonymous and untrusted (e.g., Internet-facing web or mail server).
The affected configuration is default or ubiquitous.
The attack can be performed manually and requires little skill or additional information gathering.
The race condition is a lazy one (i.e., it is technically a race but easily winnable).

Authentication SINGLE_INSTANCE

The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).

Confidentiality impact PARTIAL

There is considerable informational disclosure. Access to some system files is possible, but the attacker does not have control over what is obtained, or the scope of the loss is constrained. An example is a vulnerability that divulges only certain tables in a database.

Integrity impact NONE

There is no impact to the integrity of the system.

Availability impact NONE

There is no impact to the availability of the system.

CPE (40)
Tree view

Vendor	Product	Version	URI
Cloudfoundry	Container Runtime	0.0.1	cpe:/a:cloudfoundry:container_runtime:0.0.1
Cloudfoundry	Container Runtime	0.0.2	cpe:/a:cloudfoundry:container_runtime:0.0.2
Cloudfoundry	Container Runtime	0.0.3	cpe:/a:cloudfoundry:container_runtime:0.0.3
Cloudfoundry	Container Runtime	0.0.4	cpe:/a:cloudfoundry:container_runtime:0.0.4
Cloudfoundry	Container Runtime	0.0.5	cpe:/a:cloudfoundry:container_runtime:0.0.5
Cloudfoundry	Container Runtime	0.6.0	cpe:/a:cloudfoundry:container_runtime:0.6.0
Cloudfoundry	Container Runtime	0.7.0	cpe:/a:cloudfoundry:container_runtime:0.7.0
Cloudfoundry	Container Runtime	0.8.0	cpe:/a:cloudfoundry:container_runtime:0.8.0
Cloudfoundry	Container Runtime	0.8.1	cpe:/a:cloudfoundry:container_runtime:0.8.1
Cloudfoundry	Container Runtime	0.9.0	cpe:/a:cloudfoundry:container_runtime:0.9.0
Cloudfoundry	Container Runtime	0.10.0	cpe:/a:cloudfoundry:container_runtime:0.10.0
Cloudfoundry	Container Runtime	0.11.0	cpe:/a:cloudfoundry:container_runtime:0.11.0
Cloudfoundry	Container Runtime	0.11.1	cpe:/a:cloudfoundry:container_runtime:0.11.1
Cloudfoundry	Container Runtime	0.12.0	cpe:/a:cloudfoundry:container_runtime:0.12.0
Cloudfoundry	Container Runtime	0.13.0	cpe:/a:cloudfoundry:container_runtime:0.13.0
Cloudfoundry	Container Runtime	0.14.0	cpe:/a:cloudfoundry:container_runtime:0.14.0
Cloudfoundry	Container Runtime	0.15.0	cpe:/a:cloudfoundry:container_runtime:0.15.0
Cloudfoundry	Container Runtime	0.16.0	cpe:/a:cloudfoundry:container_runtime:0.16.0
Cloudfoundry	Container Runtime	0.16.1	cpe:/a:cloudfoundry:container_runtime:0.16.1
Cloudfoundry	Container Runtime	0.16.3	cpe:/a:cloudfoundry:container_runtime:0.16.3
Cloudfoundry	Container Runtime	0.17.0	cpe:/a:cloudfoundry:container_runtime:0.17.0:-
Cloudfoundry	Container Runtime	0.17.0	cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha0
Cloudfoundry	Container Runtime	0.17.0	cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha1
Cloudfoundry	Container Runtime	0.17.0	cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha2
Cloudfoundry	Container Runtime	0.17.0	cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha4
Cloudfoundry	Container Runtime	0.17.0	cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha5
Cloudfoundry	Container Runtime	0.17.0	cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha6
Cloudfoundry	Container Runtime	0.17.0	cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha7
Cloudfoundry	Container Runtime	0.18.0	cpe:/a:cloudfoundry:container_runtime:0.18.0
Cloudfoundry	Container Runtime	0.19.0	cpe:/a:cloudfoundry:container_runtime:0.19.0
Cloudfoundry	Container Runtime	0.20.0	cpe:/a:cloudfoundry:container_runtime:0.20.0
Cloudfoundry	Container Runtime	0.21.0	cpe:/a:cloudfoundry:container_runtime:0.21.0
Cloudfoundry	Container Runtime	0.22.0	cpe:/a:cloudfoundry:container_runtime:0.22.0
Cloudfoundry	Container Runtime	0.23.0	cpe:/a:cloudfoundry:container_runtime:0.23.0
Cloudfoundry	Container Runtime	0.24.0	cpe:/a:cloudfoundry:container_runtime:0.24.0:-
Cloudfoundry	Container Runtime	0.24.0	cpe:/a:cloudfoundry:container_runtime:0.24.0:alpha1
Cloudfoundry	Container Runtime	0.25.0	cpe:/a:cloudfoundry:container_runtime:0.25.0
Cloudfoundry	Container Runtime	0.26.0	cpe:/a:cloudfoundry:container_runtime:0.26.0
Cloudfoundry	Container Runtime	0.27.0	cpe:/a:cloudfoundry:container_runtime:0.27.0
Cloudfoundry	Container Runtime	0.28.0	cpe:/a:cloudfoundry:container_runtime:0.28.0

Cloudfoundry (1) Search CVE
1. Container Runtime (32) Search CVE
  1. 0.0.1
  2. 0.0.2
  3. 0.0.3
  4. 0.0.4
  5. 0.0.5
  6. 0.6.0
  7. 0.7.0
  8. 0.8.0
  9. 0.8.1
  10. 0.9.0
  11. 0.10.0
  12. 0.11.0
  13. 0.11.1
  14. 0.12.0
  15. 0.13.0
  16. 0.14.0
  17. 0.15.0
  18. 0.16.0
  19. 0.16.1
  20. 0.16.3
  21. 0.17.0
  22. 0.18.0
  23. 0.19.0
  24. 0.20.0
  25. 0.21.0
  26. 0.22.0
  27. 0.23.0
  28. 0.24.0
  29. 0.25.0
  30. 0.26.0
  31. 0.27.0
  32. 0.28.0

CWE

ID	Name	Description	Links
CWE-264	Permissions, Privileges, and Access Controls	Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.		CVE

Reference

Source	Link
CONFIRM	https://www.cloudfoundry.org/blog/cve-2019-3779

History of changes

Date

Event

2019-10-09 23:49

CPEs changed

40 added

cpe:/a:cloudfoundry:container_runtime:0.0.1 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.0.2 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.0.3 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.0.4 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.0.5 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.10.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.11.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.11.1 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.12.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.13.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.14.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.15.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.16.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.16.1 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.16.3 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.17.0:- (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha1 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha2 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha4 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha5 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha6 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.17.0:alpha7 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.18.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.19.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.20.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.21.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.22.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.23.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.24.0:- (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.24.0:alpha1 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.25.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.26.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.27.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.28.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.6.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.7.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.8.0 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.8.1 (Cloudfoundry / Container Runtime)
cpe:/a:cloudfoundry:container_runtime:0.9.0 (Cloudfoundry / Container Runtime)

2019-03-12 19:20

CVSS changed

New score : 4.0
No old score

CWEs changed

Added : CWE-264

References changed

1 changed

https://www.cloudfoundry.org/blog/cve-2019-3779

UNKNOWN->VENDOR_ADVISORY

2019-03-08 16:29

CVE-2019-3779

Score 4.0 / 10

CWE

Reference

History of changes

New CVE