CVE-2019-14819

2019-08-28T08:51:38
ID RH:CVE-2019-14819
Type redhatcve
Reporter redhat.com
Modified 2021-03-18T09:01:56

Description

A flaw was found during the upgrade of an existing OpenShift Container Platform 3.x cluster. Using CRI-O, the dockergc service account is assigned to the current namespace of the user performing the upgrade. This flaw can allow an unprivileged user to escalate their privileges to those allowed by the privileged Security Context Constraints.

Mitigation

Make sure your kubeconfig (~/.kube/config) is using the 'default' context when executing, or re-executing a cluster upgrade or install using the ansible playbooks.