Vulnerability Description
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Container Ingress Service | 1.9.0 |
| Redhat | Openshift | - |
Related Weaknesses (CWE)
References
- https://support.f5.com/csp/article/K74327432Vendor Advisory
- https://support.f5.com/csp/article/K74327432?utm_source=f5support&%3Butm_medi
- https://support.f5.com/csp/article/K74327432Vendor Advisory
- https://support.f5.com/csp/article/K74327432?utm_source=f5support&%3Butm_medi
FAQ
What is CVE-2019-6648?
CVE-2019-6648 is a vulnerability with a CVSS score of 4.4 (MEDIUM). On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and...
How severe is CVE-2019-6648?
CVE-2019-6648 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-6648?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Container Ingress Service, Redhat Openshift.