CVE-2019-11248

Published Aug 29, 2019

Last updated 4 years ago

CVSS high 8.2

Overview

Description: The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.
Source: jordan@liggitt.net
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.2
Impact score: 4.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 6.4
Impact score: 4.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-862
jordan@liggitt.net: CWE-419

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF491B76-31AF-401F-BDCA-2B825BD00B18",
            "versionEndExcluding": "1.12.10"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46561812-D492-4752-B461-726CB59ACF20"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:alpha0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23A873E8-B8AA-4F44-B7D5-25F4C40CCA91"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F708C4D8-12E6-4CBC-8ECD-A5F0F5EFDA39"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA9EC2A9-1C77-4701-8F93-8000FF716AB4"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CBA108A-AE8C-4C6D-AEDC-22B628FAC588"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F82D886D-F427-45D1-B39B-51D7C1945AAB"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52E0AE58-9B46-4404-B83E-41A0AD5A4CC6"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "579E840C-9FE1-4843-B93F-16D64D19A4DB"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A0A3812-0619-4D6C-8192-96BDE9DBC809"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14AD34AC-D1CB-4E37-B570-C902F6033D30"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F69FEB72-F836-4AE3-99BB-3237A9011089"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.1:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2BD120EE-6A09-46FC-B6EB-40CD44B54450"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ED1F6346-9C0B-4916-9FEF-9CFB1A19F977"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.2:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06674061-F269-4176-8A4B-6FF9D3E8A5B6"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FEEE7CFF-9B3E-4B76-AFF6-18626060F46B"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.3:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "028EB2D3-3490-4D12-B2E4-C330B015F0E7"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B34DB5C-F1C0-42E3-A3E8-300C2E87FE04"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.4:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "471B216A-3B92-4033-8E06-8523EA167132"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1E81600-D293-4B9B-BDB6-4057308A7876"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.5:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59EA6211-D671-42EC-BEAE-698CB47FD529"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.6:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DA1071A-7489-45B5-875C-D3F8401BC726"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.6:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CC774DD-08F0-4AC4-A0A9-67F86A7ED2E5"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.7:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BAE36DCA-CBFD-4536-9760-5B6BEF1FFDAF"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.7:beta.0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AE75E512-849E-4153-A469-EB271DB58F2D"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.8:beta.0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CEF4BDF-5189-4FD9-8037-DD15E147F611"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "428B51D5-37DA-4C4D-A4BF-09F8CAB04A94"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34A6AC2D-82C4-4E1F-8D9A-159E31A4F790"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "002991E8-6CC8-4F58-89B3-0B1AF2447DD5"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EA02FED-0377-4E4B-A86F-EE44F0E27360"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1496A02B-29F5-4DD5-B9FE-B39C5B77E8CF"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "59D7C9A1-A467-46A5-A03E-A04BD35287C7"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41BF2E7F-E6DB-4ED0-B943-247B4F592C7E"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF0406C1-854E-4B4D-AC1E-7DE304356030"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "300E9B49-446B-406C-B219-360BD97D6EC1"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AEA05A4-1B15-4E86-AD77-9D0BC1822AC7"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.1:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD7A10F0-A32E-4B56-8706-F09CE7914557"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "149679C2-2A81-4783-8CFD-13DC0FD5BE4B"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.2:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB97EBDA-CC98-4D92-B3F9-1BFBB21898B8"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CBB6E83-04DF-4B19-B638-F1F3183BE8C2"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.3:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6EB704F-AA52-4308-9451-9700EAB596F8"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.4:beta.0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D72214C5-AA44-4937-A42A-C2FD1E0EF7D0"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:alpha0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B87B49B8-1441-45B6-9A72-E3C5A278883D"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A14876D-D0FA-4883-AEC6-28E29F5E3CA7"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "401E0997-C67F-471C-B596-92B9773A3AEF"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF1B7B10-AC15-4022-BDC9-71CF82130E3B"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:beta0:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "550C5D3B-2C70-4411-A54D-3D07EAEFD7E7"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE430085-EA45-43B6-8AF2-30AD462D0F69"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5652A16C-F032-4FC0-BFEC-04768D259470"
          },
          {
            "criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "874991D0-5C48-4D10-B2E4-51D6BE2298E4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References