CVE-2019-11244 — Use of Cache Containing Sensitive Information in Kubernetes
Severity
5.0MEDIUMNVD
EPSS
0.1%
top 73.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 22
Latest updateFeb 15
Description
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:NExploitability: 1.3 | Impact: 3.6
Affected Packages3 packages
Also affects: Openshift Container Platform 3.11, 4.1
🔴Vulnerability Details
3📋Vendor Advisories
2💬Community
6Bugzilla▶
CVE-2019-11244 kubernetes:1.1/kubernetes: Schema info written with world-writeable permissions when cached [fedora-29]↗2019-04-25
Bugzilla▶
CVE-2019-11244 kubernetes: Schema info written with world-writeable permissions when cached↗2019-04-25
Bugzilla▶
CVE-2019-11244 containernetworking-cni: kubernetes: Schema info written with world-writeable permissions when cached [epel-7]↗2019-04-25
Bugzilla▶
CVE-2019-11244 kubernetes: Schema info written with world-writeable permissions when cached [fedora-all]↗2019-04-25
Bugzilla▶
CVE-2019-11244 origin: kubernetes: Schema info written with world-writeable permissions when cached [fedora-all]↗2019-04-25