Garbage Collection Spoofing Vulnerability in Atomic-OpenShift

Garbage Collection Spoofing Vulnerability in Atomic-OpenShift

CVE-2019-3884 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

A vulnerability exists in the garbage collection mechanism of atomic-openshift. An attacker able spoof the UUID of a valid object from another namespace is able to delete children of those objects. Versions 3.6, 3.7, 3.8, 3.9, 3.10, 3.11 and 4.1 are affected.

Learn more about our Web Application Penetration Testing UK.