Vulnerability Description
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | Kubernetes | < 1.12.10 |
Related Weaknesses (CWE)
References
- https://github.com/kubernetes/kubernetes/issues/81023PatchThird Party Advisory
- https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELMailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20190919-0003/Third Party Advisory
- https://github.com/kubernetes/kubernetes/issues/81023PatchThird Party Advisory
- https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELMailing ListThird Party Advisory
- https://security.netapp.com/advisory/ntap-20190919-0003/Third Party Advisory
FAQ
What is CVE-2019-11248?
CVE-2019-11248 is a vulnerability with a CVSS score of 8.2 (HIGH). The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially ...
How severe is CVE-2019-11248?
CVE-2019-11248 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11248?
Check the references section above for vendor advisories and patch information. Affected products include: Kubernetes Kubernetes.