Public Date:
1668961: CVE-2019-3818 kube-rbac-proxy: Improper application of config allows for insecure ciphers and TLS 1.0
The kube-rbac-proxy container, as used in Red Hat OpenShift Container Platform, does not honor TLS configurations, allowing for the use of insecure ciphers and TLS 1.0. An attacker could target traffic sent over a TLS connection with a weak configuration and potentially break the encryption of the data stream.
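
A regression check for this class of bug, added here as an example and not taken from kube-rbac-proxy or Red Hat: it runs in-memory handshakes against a Go `tls.Config` to confirm that the effective server settings refuse TLS 1.0 and weak suites. `HardenedConfig`, `Probe`, the policy values and the self-signed certificate are assumptions made for the example; the probe client skips certificate verification because it tests protocol policy, not identity.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// HardenedConfig is the intended policy (TLS 1.2+, ECDHE AEAD suites only),
// served with a throwaway self-signed certificate (constructed test material).
func HardenedConfig() *tls.Config {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	return &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}}
}

// Probe handshakes against srv over an in-memory pipe with a client pinned to one
// protocol version (TLS 1.0-1.2) and suite list; a nil result means srv accepted it.
func Probe(srv *tls.Config, version uint16, suites []uint16) error {
	c, s := net.Pipe()
	defer s.Close()
	go func() {
		defer c.Close()
		tls.Client(c, &tls.Config{InsecureSkipVerify: true, MinVersion: version,
			MaxVersion: version, CipherSuites: suites}).Handshake()
	}()
	return tls.Server(s, srv).Handshake()
}

func main() {
	fmt.Println("TLS 1.0 client:", Probe(HardenedConfig(), tls.VersionTLS10, nil))
	fmt.Println("TLS 1.2 client:", Probe(HardenedConfig(), tls.VersionTLS12, nil))
}
```

Keep the probe to TLS 1.0 through 1.2 clients: with a TLS 1.3 client the server's session tickets have no reader on the unbuffered pipe, so the result is not reliable. Pass the `tls.Config` the server actually listens with, not the one the operator requested, since the gap between the two is what this issue describes.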

Find out more about CVE-2019-3818 from the MITRE CVE dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score: 3.7
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity Impact: None
Availability Impact: None

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat OpenShift Container Platform 3.11 | RHBA-2019:0327 | 2019-02-20

Affected Packages State

Platform | Package | State
Red Hat OpenShift Container Platform 4.1 | kube-rbac-proxy-container | Not affected
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although they may not have been subject to full analysis.


This issue was discovered by Frederic Branczyk (Red Hat), Matthias Loibl (Red Hat), and Max Inden (Red Hat).
Last Modified