| Field | Value |
|---|---|
| Vulnerability Name: | CVE-2019-11247 (CCN-164767) |
| Assigned: | 2019-08-05 |
| Published: | 2019-08-05 |
| Updated: | 2020-10-02 |
| Summary: | The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for a resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view, update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12. |
| CVSS v3 Severity: | 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N); 7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C); 7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-863 |
| Vulnerability Consequences: | Gain Access |
| Vulnerable Configuration: | Configuration 1; Configuration 2; Configuration CCN 1 (the component lists for these configurations are not present on this page) |

References:

| Source | Type | Reference |
|---|---|---|
| MITRE | CNA | CVE-2019-11247 |
| REDHAT | Third Party Advisory | RHBA-2019:2816 |
| REDHAT | Third Party Advisory | RHBA-2019:2824 |
| REDHAT | Third Party Advisory | RHSA-2019:2690 |
| REDHAT | Third Party Advisory | RHSA-2019:2769 |
| XF | UNKNOWN | kubernetes-cve201911247-unauth-access(164767) |
| CCN | Kubernetes GIT Repository | v1.13.9 |
| CCN | Kubernetes GIT Repository | v1.14.5 |
| CCN | Kubernetes GIT Repository | v1.15.2 |
| CONFIRM | Third Party Advisory | https://github.com/kubernetes/kubernetes/issues/80983 |
| MLIST | Third Party Advisory | v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249 |
| CCN | oss-sec Mailing List, Mon, 5 Aug 2019 12:01:22 -0400 | Kubernetes v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249 |
| CONFIRM | Third Party Advisory | https://security.netapp.com/advisory/ntap-20190919-0003/ |
| CCN | IBM Security Bulletin 1167154 (API Connect) | IBM API Connect is impacted by vulnerabilities in Kubernetes (CVE-2019-11249, CVE-2019-11247) |
| CCN | IBM Security Bulletin 1168522 (PowerAI Vision) | A security vulnerability has been identified in Kubernetes shipped with PowerAI Vision |
| CCN | IBM Security Bulletin 6436613 (InfoSphere Information Server) | Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server |
| CCN | IBM Security Bulletin 6599703 (Db2 On Openshift) | Multiple vulnerabilities affect IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data |
| CCN | IBM Security Bulletin 6833272 (CICS TX Standard) | IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes. |
| CCN | IBM Security Bulletin 6833274 (CICS TX Advanced) | IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Kubernetes. |