Lucene search

[email protected]CVE-2019-11248

HistoryAug 29, 2019 - 1:15 a.m.

CVE-2019-11248

2019-08-2901:15:11

CWE-419

CWE-862

[email protected]

web.nvd.nist.gov

220

cve-2019-11248

debugging endpoint

unauthenticated access

kubelet

pprof

security vulnerability

nvd

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

7.7 High

AI Score

Confidence

High

0.601 Medium

EPSS

Percentile

97.8%

JSON

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet’s healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.

Affected configurations

NVD

Node

kuberneteskubernetesRange<1.12.10

kuberneteskubernetesMatch1.13.0-

kuberneteskubernetesMatch1.13.0alpha0

kuberneteskubernetesMatch1.13.0alpha1

kuberneteskubernetesMatch1.13.0alpha2

kuberneteskubernetesMatch1.13.0alpha3

kuberneteskubernetesMatch1.13.0beta0

kuberneteskubernetesMatch1.13.0beta1

kuberneteskubernetesMatch1.13.0beta2

kuberneteskubernetesMatch1.13.0rc1

kuberneteskubernetesMatch1.13.0rc2

kuberneteskubernetesMatch1.13.1-

kuberneteskubernetesMatch1.13.1beta0

kuberneteskubernetesMatch1.13.2-

kuberneteskubernetesMatch1.13.2beta0

kuberneteskubernetesMatch1.13.3-

kuberneteskubernetesMatch1.13.3beta0

kuberneteskubernetesMatch1.13.4-

kuberneteskubernetesMatch1.13.4beta0

kuberneteskubernetesMatch1.13.5-

kuberneteskubernetesMatch1.13.5beta0

kuberneteskubernetesMatch1.13.6-

kuberneteskubernetesMatch1.13.6beta0

kuberneteskubernetesMatch1.13.7-

kuberneteskubernetesMatch1.13.7beta.0

kuberneteskubernetesMatch1.13.8beta.0

kuberneteskubernetesMatch1.14.0-

kuberneteskubernetesMatch1.14.0alpha0

kuberneteskubernetesMatch1.14.0alpha1

kuberneteskubernetesMatch1.14.0alpha2

kuberneteskubernetesMatch1.14.0alpha3

kuberneteskubernetesMatch1.14.0beta0

kuberneteskubernetesMatch1.14.0beta1

kuberneteskubernetesMatch1.14.0beta2

kuberneteskubernetesMatch1.14.0rc1

kuberneteskubernetesMatch1.14.1-

kuberneteskubernetesMatch1.14.1beta0

kuberneteskubernetesMatch1.14.2-

kuberneteskubernetesMatch1.14.2beta0

kuberneteskubernetesMatch1.14.3-

kuberneteskubernetesMatch1.14.3beta0

kuberneteskubernetesMatch1.14.4beta.0

kuberneteskubernetesMatch1.15.0alpha0

kuberneteskubernetesMatch1.15.0alpha1

kuberneteskubernetesMatch1.15.0alpha2

kuberneteskubernetesMatch1.15.0alpha3

kuberneteskubernetesMatch1.15.0beta0

kuberneteskubernetesMatch1.15.0beta1

kuberneteskubernetesMatch1.15.0beta2

kuberneteskubernetesMatch1.15.0rc1

CPENameOperatorVersion
kubernetes:kuberneteskuberneteslt1.12.10
kubernetes:kuberneteskuberneteseq1.13.0
kubernetes:kuberneteskuberneteseq1.13.1
kubernetes:kuberneteskuberneteseq1.13.2
kubernetes:kuberneteskuberneteseq1.13.3
kubernetes:kuberneteskuberneteseq1.13.4
kubernetes:kuberneteskuberneteseq1.13.5
kubernetes:kuberneteskuberneteseq1.13.6
kubernetes:kuberneteskuberneteseq1.13.7
kubernetes:kuberneteskuberneteseq1.13.8

CPE	Name	Operator	Version
kubernetes:kubernetes	kubernetes	lt	1.12.10
kubernetes:kubernetes	kubernetes	eq	1.13.0
kubernetes:kubernetes	kubernetes	eq	1.13.1
kubernetes:kubernetes	kubernetes	eq	1.13.2
kubernetes:kubernetes	kubernetes	eq	1.13.3
kubernetes:kubernetes	kubernetes	eq	1.13.4
kubernetes:kubernetes	kubernetes	eq	1.13.5
kubernetes:kubernetes	kubernetes	eq	1.13.6
kubernetes:kubernetes	kubernetes	eq	1.13.7
kubernetes:kubernetes	kubernetes	eq	1.13.8

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "product": "Kubernetes",
    "vendor": "Kubernetes",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 1.12.10"
      },
      {
        "status": "affected",
        "version": "prior to 1.13.8"
      },
      {
        "status": "affected",
        "version": "prior to 1.14.4"
      },
      {
        "status": "affected",
        "version": "1.1"
      },
      {
        "status": "affected",
        "version": "1.2"
      },
      {
        "status": "affected",
        "version": "1.4"
      },
      {
        "status": "affected",
        "version": "1.5"
      },
      {
        "status": "affected",
        "version": "1.6"
      },
      {
        "status": "affected",
        "version": "1.7"
      },
      {
        "status": "affected",
        "version": "1.8"
      },
      {
        "status": "affected",
        "version": "1.9"
      },
      {
        "status": "affected",
        "version": "1.10"
      },
      {
        "status": "affected",
        "version": "1.11"
      }
    ]
  }
]