KubernetesCVELIST:CVE-2019-11244CVE-2019-11244 kubectl creates world-writeable cached schema files
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
5.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.3%
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
CNA Affected
[
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "v1.8*",
"status": "affected",
"version": "v1.8.0",
"versionType": "custom"
},
{
"lessThan": "v1.9*",
"status": "affected",
"version": "v1.9.0",
"versionType": "custom"
},
{
"lessThan": "v1.10*",
"status": "affected",
"version": "v1.10.0",
"versionType": "custom"
},
{
"lessThan": "v1.11*",
"status": "affected",
"version": "v1.11.0",
"versionType": "custom"
},
{
"lessThan": "v1.12*",
"status": "affected",
"version": "v1.12.0",
"versionType": "custom"
},
{
"lessThan": "v1.13*",
"status": "affected",
"version": "v1.13.0",
"versionType": "custom"
},
{
"lessThan": "v1.14*",
"status": "affected",
"version": "v1.14.0",
"versionType": "custom"
}
]
}
]Related
3.3 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
5.2 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
33.3%