Oval Definition:oval:org.opensuse.security:def:20199946
Revision Date:2022-06-30Version:1
Title:CVE-2019-9946
Description:

Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2019-9946
SUSE CVE-2019-9946
Platform(s):openSUSE Tumbleweed
SUSE CaaS Platform 4.0
SUSE Linux Enterprise High Performance Computing 12
SUSE Linux Enterprise Module for Public Cloud 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
Product(s):
Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND k3s-1.21.3+k3s1-1.2 is installed
    • Definition Synopsis
  • SUSE CaaS Platform 4.0 is installed
  • AND Package Information
  • kubernetes-client is not affected
  • OR kubernetes-common is not affected
  • OR kubernetes-kubeadm is not affected
  • OR kubernetes-kubelet is not affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 12 is installed
  • OR SUSE Linux Enterprise Module for Public Cloud 12 is installed
  • OR SUSE Linux Enterprise Server 12 is installed
  • OR SUSE Linux Enterprise Server 12 SP3 is installed
  • OR SUSE Linux Enterprise Server 12 SP4 is installed
  • OR SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • AND kubernetes-client is not affected
    • BACK