Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-11248

Опубликовано: 29 авг. 2019
Источник: ubuntu
Приоритет: medium
CVSS2: 6.4
CVSS3: 8.2

Описание

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.

РелизСтатусПримечание
bionic

DNE

devel

DNE

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-infra-legacy/trusty

DNE

focal

ignored

end of standard support, was needs-triage
groovy

ignored

end of life

Показывать по

Ссылки на источники

6.4 Medium

CVSS2

8.2 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-11248

CVSS3: 6.5
redhat
почти 6 лет назад

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.

nvd логотип

CVE-2019-11248

CVSS3: 8.2
nvd
почти 6 лет назад

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.

debian логотип

CVE-2019-11248

CVSS3: 8.2
debian
почти 6 лет назад

The debugging endpoint /debug/pprof is exposed over the unauthenticate ...

github логотип

GHSA-9frv-h2cf-52wh

CVSS3: 8.2
github
около 3 лет назад

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.

6.4 Medium

CVSS2

8.2 High

CVSS3