Public Date:
1668961: CVE-2019-3818 kube-rbac-proxy: Improper application of config allows for insecure ciphers and TLS 1.0
The kube-rbac-proxy container, as used in Red Hat OpenShift Container Platform, does not honor TLS configurations, allowing for the use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption of the data stream.
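To confirm that an endpoint really enforces its configured TLS floor, a version-pinned handshake check can be run against it. The Go program below is an added example, not code from kube-rbac-proxy or Red Hat; the function names are hypothetical, and a local `httptest` listener stands in for the proxy so the check runs offline.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newProxyStandIn starts a local HTTPS listener (a stand-in, not kube-rbac-proxy) with the given TLS floor.
func newProxyStandIn(minVersion uint16) *httptest.Server {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{MinVersion: minVersion}
	srv.StartTLS()
	return srv
}

// negotiates reports whether addr completes a handshake when the client offers only this version.
func negotiates(addr string, version uint16) bool {
	// Certificate checks are skipped: only the protocol outcome matters for this audit.
	cfg := &tls.Config{MinVersion: version, MaxVersion: version, InsecureSkipVerify: true}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return false
	}
	defer conn.Close()
	return conn.ConnectionState().Version == version
}

// legacyVersionsAccepted lists the pre-1.2 protocol versions the endpoint still accepts.
func legacyVersionsAccepted(addr string) []string {
	names := map[uint16]string{tls.VersionTLS10: "TLS 1.0", tls.VersionTLS11: "TLS 1.1"}
	var found []string
	for _, v := range []uint16{tls.VersionTLS10, tls.VersionTLS11} {
		if negotiates(addr, v) {
			found = append(found, names[v])
		}
	}
	return found
}

func main() {
	for _, min := range []uint16{tls.VersionTLS10, tls.VersionTLS12} {
		srv := newProxyStandIn(min)
		fmt.Printf("floor %#04x accepts legacy: %v\n", min, legacyVersionsAccepted(srv.Listener.Addr().String()))
		srv.Close()
	}
}
```

An endpoint whose configuration sets a TLS 1.2 floor should return an empty list; a non-empty list means the configured floor is not being applied.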

Find out more about CVE-2019-3818 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 3.7
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity High
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Impact None
Availability Impact None

Affected Packages State

Platform | Package | State
Red Hat OpenShift Container Platform 3.11 | kube-rbac-proxy-container | Affected


This issue was discovered by Frederic Branczyk (Red Hat), Matthias Loibl (Red Hat), and Max Inden (Red Hat).
Last Modified