CVE-2019-11243

Опубликовано: 22 апр. 2019

Источник: nvd

CVSS3: 3.1

CVSS3: 8.1

CVSS2: 4.3

EPSS Низкий

Описание

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()

Ссылки

http://www.securityfocus.com/bid/108053
Third Party Advisory
VDB Entry
https://github.com/kubernetes/kubernetes/issues/76797
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190509-0002/
Third Party Advisory
http://www.securityfocus.com/bid/108053
Third Party Advisory
VDB Entry
https://github.com/kubernetes/kubernetes/issues/76797
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190509-0002/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

Версия от 1.12.0 (включая) до 1.12.4 (включая)

cpe:2.3:a:kubernetes:kubernetes:1.13.0:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00241

Низкий

3.1 Low

CVSS3

8.1 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-271

CWE-212

Связанные уязвимости

CVE-2019-11243

CVSS3: 3.1

redhat

около 6 лет назад

CVE-2019-11243

CVSS3: 8.1

debian

около 6 лет назад

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientCon ...

GHSA-gc2p-g4fg-29vh

CVSS3: 8.1

github

около 3 лет назад

Kubernetes did not effectively clear service account credentials

EPSS

Процентиль: 48%

0.00241

Низкий

3.1 Low

CVSS3

8.1 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-271

CWE-212