CVE-2019-11252 — Information Exposure via Error Message in Kubernetes

CWE-209 — Information Exposure via Error Message6 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.6%

top 30.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kubernetes Debian Kubernetes

Timeline

PublishedJul 23

Latest updateJul 24

Description

The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/kubernetes< kubernetes 1.18.0-1 (bookworm)

▶Debiankubernetes/kubernetes< 1.18.0-1+3

▶NVDkubernetes/kubernetes1.0.0 — 1.17.0

▶CVEListV5kubernetes/kubernetes12 versions+11

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2019-11252: The Kubernetes kube-controller-manager in versions v1↗2020-07-23

▶

📋Vendor Advisories

Red Hat

kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes↗2020-03-04

▶

Debian

CVE-2019-11252: kubernetes - The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a...↗2019

▶

💬Community

Bugzilla

CVE-2019-11252 origin: kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes [fedora-all]↗2020-07-24

▶

Bugzilla

CVE-2019-11252 kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes↗2020-07-23

▶