Vulnerability Name:

CVE-2019-11244 (CCN-160042)

Assigned: 2019-04-16
Published: 2019-04-16
Updated: 2020-10-02
Summary: In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
CVSS v3 Severity: 5.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N)
4.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): High
Availability (A): None
CVSS v2 Severity: 1.9 Low (CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Complete
Availability (A): None
Vulnerability Type: CWE-732
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2019-11244

Source: BID
Type: Third Party Advisory, VDB Entry
108064

Source: REDHAT
Type: Third Party Advisory
RHSA-2019:3942

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0020

Source: REDHAT
Type: Third Party Advisory
RHSA-2020:0074

Source: XF
Type: UNKNOWN
kubernetes-cve201911244-sec-bypass(160042)

Source: CCN
Type: Kubernetes GIT Repository
CVE-2019-11244: `kubectl --http-cache=` creates world-writeable cached schema files #76676

Source: MISC
Type: Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/76676

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20190509-0002/

Source: CCN
Type: IBM Security Bulletin 888071 (Event Streams)
IBM Event Streams is affected by kubectl vulnerabilities

Source: CCN
Type: IBM Security Bulletin 1167088 (Cloud Private)
IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-ID: CVE-2019-11244)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:kubernetes:kubernetes:*:*:*:*:*:*:*:* (Version >= 1.8.0 and <= 1.14.1)

Configuration 2:
  • cpe:/a:netapp:trident:-:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:kubernetes:kubernetes:1.8.0:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:event_streams:2018.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2018.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:event_streams:2019.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.0:cd:*:*:*:*:*:*

* Denotes that component is vulnerable
    kubernetes kubernetes *
    netapp trident -
    redhat openshift container platform 3.11
    redhat openshift container platform 4.1
    kubernetes kubernetes 1.8.0 -
    kubernetes kubernetes 1.14.0
    ibm event streams 2018.3.0
    ibm event streams 2018.3.1
    ibm event streams 2019.1.1
    ibm cloud private 3.2.0 cd