Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-11247

Опубликовано: 29 авг. 2019
Источник: nvd
CVSS3: 5
CVSS3: 8.1
CVSS2: 6.5
EPSS Низкий

Описание

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Версия от 1.7.0 (включая) до 1.12.10 (включая)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Версия от 1.13.0 (включая) до 1.13.9 (исключая)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Версия от 1.14.0 (включая) до 1.14.5 (исключая)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Версия от 1.15.0 (включая) до 1.15.2 (исключая)
cpe:2.3:a:kubernetes:kubernetes:1.12.11:beta0:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*

EPSS

Процентиль: 63%
0.00447
Низкий

5 Medium

CVSS3

8.1 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20
CWE-863

Связанные уязвимости

ubuntu логотип

CVE-2019-11247

CVSS3: 8.1
ubuntu
почти 6 лет назад

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.

redhat логотип

CVE-2019-11247

CVSS3: 5
redhat
почти 6 лет назад

The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.

debian логотип

CVE-2019-11247

CVSS3: 8.1
debian
почти 6 лет назад

The Kubernetes kube-apiserver mistakenly allows access to a cluster-sc ...

github логотип

GHSA-fp37-c92q-4pwq

CVSS3: 8.1
github
около 3 лет назад

Kubernetes kube-apiserver unauthorized access

oracle-oval логотип

ELSA-2019-4816

oracle-oval
больше 5 лет назад

ELSA-2019-4816: kubernetes security update (IMPORTANT)

EPSS

Процентиль: 63%
0.00447
Низкий

5 Medium

CVSS3

8.1 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-20
CWE-863