Home > Vulnerability Database > CVE-2019-3818

Mend.io Vulnerability Database

CVE-2019-3818

Good to know:

Date: February 5, 2019

The kube-rbac-proxy container before version 0.4.1 as used in Red Hat OpenShift Container Platform does not honor TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.

Language: Go

Severity Score

7.5

Related Resources (6)

Url: http://www.securityfocus.com/bid/106744

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-3818

Url: https://access.redhat.com/errata/RHBA-2019:0327

Url: https://access.redhat.com/security/cve/CVE-2019-3818

Url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3818

Url: https://www.mend.io/vulnerability-database/CVE-2019-3818

Severity Score

7.5

Weakness Type (CWE)

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

Top Fix

Upgrade Version

Upgrade to version v0.4.1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-3818

Good to know:

Date: February 5, 2019

Language: Go

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?