Vulnerability Name:

CVE-2019-11248 (CCN-164836)

Assigned:2019-08-06
Published:2019-08-06
Updated:2020-10-05
Summary:The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.
CVSS v3 Severity:8.2 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): Low
6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-862
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2019-11248

Source: XF
Type: UNKNOWN
kubernetes-cve201911248-info-disc(164836)

Source: CCN
Type: Kubernetes GIT Repository
CVE-2019-11248: /debug/pprof exposed on kubelet's healthz port #81023

Source: CONFIRM
Type: Patch, Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/81023

Source: MLIST
Type: Mailing List, Third Party Advisory
CVE-2019-11248: /debug/pprof exposed on kubelet's healthz port

Source: CCN
Type: Kubernetes Web site
Kubernetes

Source: CCN
Type: oss-sec Mailing List, Tue, 6 Aug 2019 09:35:44 -0700
[ANNOUNCE] CVE-2019-11248: /debug/pprof exposed on kubelet's healthz port

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20190919-0003/

Source: CCN
Type: IBM Security Bulletin 1143454 (Watson Studio Local)
Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local

Source: CCN
Type: IBM Security Bulletin 6381242 (Netezza for Cloud Pak for Data)
Open Source Secuity issues fixed for NPS softlayer provisioner.

Source: CCN
Type: IBM Security Bulletin 6436613 (InfoSphere Information Server)
Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server

Vulnerable Configuration:Configuration 1:
  • cpe:/a:kubernetes:kubernetes:*:*:*:*:*:*:*:* (Version < 1.12.10)
  • OR cpe:/a:kubernetes:kubernetes:1.13.0:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.0:alpha0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.0:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.1:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.1:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.2:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.2:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.3:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.3:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.4:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.4:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.5:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.5:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.6:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.6:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.7:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.7:beta.0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.8:beta.0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.0:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.0:alpha0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.0:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.1:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.1:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.2:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.2:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.3:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.3:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.4:beta.0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.15.0:alpha0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.15.0:alpha1:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.15.0:alpha2:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.15.0:alpha3:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.15.0:beta0:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.15.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.15.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.15.0:rc1:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:kubernetes:kubernetes:1.12.0:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.13.0:-:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.14.0:*:*:*:*:*:*:*
  • OR cpe:/a:kubernetes:kubernetes:1.15.0:-:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:infosphere_information_server:11.7:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:watson_studio_local:1.2.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:com.ubuntu.disco:def:2019112480000000
    V
    		CVE-2019-11248 on Ubuntu 19.04 (disco) - medium.
    2019-08-29
    BACK
    kubernetes kubernetes *
    kubernetes kubernetes 1.13.0 -
    kubernetes kubernetes 1.13.0 alpha0
    kubernetes kubernetes 1.13.0 alpha1
    kubernetes kubernetes 1.13.0 alpha2
    kubernetes kubernetes 1.13.0 alpha3
    kubernetes kubernetes 1.13.0 beta0
    kubernetes kubernetes 1.13.0 beta1
    kubernetes kubernetes 1.13.0 beta2
    kubernetes kubernetes 1.13.0 rc1
    kubernetes kubernetes 1.13.0 rc2
    kubernetes kubernetes 1.13.1 -
    kubernetes kubernetes 1.13.1 beta0
    kubernetes kubernetes 1.13.2 -
    kubernetes kubernetes 1.13.2 beta0
    kubernetes kubernetes 1.13.3 -
    kubernetes kubernetes 1.13.3 beta0
    kubernetes kubernetes 1.13.4 -
    kubernetes kubernetes 1.13.4 beta0
    kubernetes kubernetes 1.13.5 -
    kubernetes kubernetes 1.13.5 beta0
    kubernetes kubernetes 1.13.6 -
    kubernetes kubernetes 1.13.6 beta0
    kubernetes kubernetes 1.13.7 -
    kubernetes kubernetes 1.13.7 beta.0
    kubernetes kubernetes 1.13.8 beta.0
    kubernetes kubernetes 1.14.0 -
    kubernetes kubernetes 1.14.0 alpha0
    kubernetes kubernetes 1.14.0 alpha1
    kubernetes kubernetes 1.14.0 alpha2
    kubernetes kubernetes 1.14.0 alpha3
    kubernetes kubernetes 1.14.0 beta0
    kubernetes kubernetes 1.14.0 beta1
    kubernetes kubernetes 1.14.0 beta2
    kubernetes kubernetes 1.14.0 rc1
    kubernetes kubernetes 1.14.1 -
    kubernetes kubernetes 1.14.1 beta0
    kubernetes kubernetes 1.14.2 -
    kubernetes kubernetes 1.14.2 beta0
    kubernetes kubernetes 1.14.3 -
    kubernetes kubernetes 1.14.3 beta0
    kubernetes kubernetes 1.14.4 beta.0
    kubernetes kubernetes 1.15.0 alpha0
    kubernetes kubernetes 1.15.0 alpha1
    kubernetes kubernetes 1.15.0 alpha2
    kubernetes kubernetes 1.15.0 alpha3
    kubernetes kubernetes 1.15.0 beta0
    kubernetes kubernetes 1.15.0 beta1
    kubernetes kubernetes 1.15.0 beta2
    kubernetes kubernetes 1.15.0 rc1
    kubernetes kubernetes 1.12.0 -
    kubernetes kubernetes 1.13.0 -
    kubernetes kubernetes 1.14.0
    kubernetes kubernetes 1.15.0 -
    ibm infosphere information server 11.7
    ibm watson studio local 1.2.3