CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2019-11250 – Kubernetes client-go logs authorization headers at debug verbosity levels
https://notcve.org/view.php?id=CVE-2019-11250
29 Aug 2019 — The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. La biblioteca de servicio de cliente de Kubernetes registra los encabezados de solicitud en niveles de detalle de 7 o superior. Esto puede revelar las credenciales a los usu... • http://www.openwall.com/lists/oss-security/2020/10/16/2 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 3%CPEs: 9EXPL: 0CVE-2019-11249 – kubectl cp allows symlink directory traversal
https://notcve.org/view.php?id=CVE-2019-11249
29 Aug 2019 — The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions ... • https://access.redhat.com/errata/RHBA-2019:2794 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 8.2EPSS: 90%CPEs: 50EXPL: 1CVE-2019-11248 – Kubernetes kubelet exposes /debug/pprof info on healthz port
https://notcve.org/view.php?id=CVE-2019-11248
29 Aug 2019 — The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. • https://github.com/bash3rt3am/poc-cve • CWE-419: Unprotected Primary Channel CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11245 – kubelet-started container uid changes to root after first restart or if image is already pulled to the node
https://notcve.org/view.php?id=CVE-2019-11245
29 Aug 2019 — In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0. En kubelet v1.13.6 y v1.14.2, los contenedores para pods que no especifican un intento runAsUser explícito de ejecuta... • https://github.com/kubernetes/kubernetes/issues/78308 • CWE-264: Permissions, Privileges, and Access Controls CWE-703: Improper Check or Handling of Exceptional Conditions •
CVSS: 8.1EPSS: 0%CPEs: 8EXPL: 0CVE-2019-11247 – Kubernetes kube-apiserver allows access to custom resources via wrong scope
https://notcve.org/view.php?id=CVE-2019-11247
15 Aug 2019 — The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9... • https://access.redhat.com/errata/RHBA-2019:2816 • CWE-20: Improper Input Validation CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 2%CPEs: 5EXPL: 0CVE-2019-11246 – kubectl cp allows symlink directory traversal
https://notcve.org/view.php?id=CVE-2019-11246
27 Jun 2019 — The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions ... • https://github.com/kubernetes/kubernetes/pull/76788 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11243
https://notcve.org/view.php?id=CVE-2019-11243
22 Apr 2019 — In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig() En Kubernetes versión 1.12.0 hasta versión 1.12.4 y versión 1.13.0, el método rest.AnonymousClientConfig() retorna una copia de la configuración provist... • http://www.securityfocus.com/bid/108053 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-271: Privilege Dropping / Lowering Errors •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2019-11244 – kubectl creates world-writeable cached schema files
https://notcve.org/view.php?id=CVE-2019-11244
22 Apr 2019 — In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation. En Kubernetes versión 1.8.x hasta versión 1.14.x, el componente kubectl almacena en caché la información del esquema en la u... • http://www.securityfocus.com/bid/108064 • CWE-524: Use of Cache Containing Sensitive Information CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2019-9946 – kubernetes: Incorrect rule injection in CNI portmap plugin
https://notcve.org/view.php?id=CVE-2019-9946
02 Apr 2019 — Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is f... • https://access.redhat.com/errata/RHBA-2019:0862 • CWE-670: Always-Incorrect Control Flow Implementation CWE-841: Improper Enforcement of Behavioral Workflow •
CVSS: 6.4EPSS: 49%CPEs: 7EXPL: 1CVE-2019-1002101 – kubectl cp path traversal
https://notcve.org/view.php?id=CVE-2019-1002101
01 Apr 2019 — The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. ... • https://github.com/brompwnie/CVE-2019-1002101-Helpers • CWE-59: Improper Link Resolution Before File Access ('Link Following') •