From 4e0bdb6f533180295e63b50080bc9a5c839df665 Mon Sep 17 00:00:00 2001 From: Tausif Siddiqui Date: Mon, 9 Dec 2019 17:05:40 +0530 Subject: [PATCH] Updated CVE-2019-14819 --- 2019/14xxx/CVE-2019-14819.json | 79 ++++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 2019/14xxx/CVE-2019-14819.json diff --git a/2019/14xxx/CVE-2019-14819.json b/2019/14xxx/CVE-2019-14819.json new file mode 100644 index 00000000000..aac1128eee5 --- /dev/null +++ b/2019/14xxx/CVE-2019-14819.json @@ -0,0 +1,79 @@ +{ + "data_type": "CVE", + "data_format": "MITRE", + "data_version": "4.0", + "CVE_data_meta": { + "ID": "CVE-2019-14819", + "ASSIGNER": "msiddiqu@redhat.com" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "[Red Hat]", + "product": { + "product_data": [ + { + "product_name": "openshift-ansible", + "version": { + "version_data": [ + { + "version_value": "n/a" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-266" + } + ] + }, + { + "description": [ + { + "lang": "eng", + "value": "CWE-270" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14819", + "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14819", + "refsource": "CONFIRM" + } + ] + }, + "description": { + "description_data": [ + { + "lang": "eng", + "value": "A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints." + } + ] + }, + "impact": { + "cvss": [ + [ + { + "vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.0" + } + ] + ] + } +}