CVE-2019-11244
published 2019-04-22
medium, 5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
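The condition described above can be checked on a workstation or shared build host. The following is an added example, not part of the CVE record or of the Kubernetes project's code: a POSIX shell audit that lists entries under a kubectl cache directory that are group- or world-writable, with a second function that removes those write bits. The function names are hypothetical, and the directory argument stands for whatever `--cache-dir` was set to.

```shell
#!/bin/sh
# Added example: audit a kubectl cache directory for entries that other
# users or groups can modify. Function names are hypothetical.

# Print every regular file or directory under DIR that has the group- or
# other-write bit set. Symlinks are not followed and not reported.
list_writable_cache_files() {
    dir=$1
    [ -d "$dir" ] || return 0          # nothing cached yet
    find "$dir" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -print
}

# Remove group/other write bits from the entries the audit reports.
tighten_cache_dir() {
    dir=$1
    [ -d "$dir" ] || return 0
    find "$dir" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +
}

# Report only; the default path is the one named in the advisory.
list_writable_cache_files "${1:-${HOME:-}/.kube/http-cache}"
```

Tightening file modes does not help if the directory that contains the cache is itself writable by other users, so a relocated `--cache-dir` should sit under a path only the invoking user can write to.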
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | — | — |
| k8s.io | client-go | >= 1.8.0 < 1.12.9 | 1.12.9 |
| kubernetes | kubernetes | 1.8.0 – 1.14.1 | — |
| kubernetes | kubernetes | >= v1.10.0 < v1.10* | v1.10* |
| kubernetes | kubernetes | >= v1.11.0 < v1.11* | v1.11* |
| kubernetes | kubernetes | >= v1.12.0 < v1.12* | v1.12* |
| kubernetes | kubernetes | >= v1.13.0 < v1.13* | v1.13* |
| kubernetes | kubernetes | >= v1.14.0 < v1.14* | v1.14* |
| kubernetes | kubernetes | >= v1.8.0 < v1.8* | v1.8* |
| kubernetes | kubernetes | >= v1.9.0 < v1.9* | v1.9* |
| redhat | openshift_container_platform | — | — |
| redhat | openshift_container_platform | — | — |