CVE-2019-11243

CVSS 3.1 LOWEPSS 1.5%CWE-271

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Produtos afetados

Kubernetes · Kubernetes

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/kubernetes/kubernetes/issues/76797 https://security.netapp.com/advisory/ntap-20190509-0002/http://www.securityfocus.com/bid/108053