QwikSec

Security Database

CVE

CWE

Training

CVE-2019-11244

Published: Apr 22, 2019

Modified: Aug 4, 2024

PUBLISHED

CVSS v3.0

3.3

LOW

Description

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.

Vendor	Product	Versions
Kubernetes	Kubernetes	affected `v1.8.0 - < v1.8` affected `v1.9.0 - < v1.9` affected `v1.10.0 - < v1.10` affected `v1.11.0 - < v1.11` affected `v1.12.0 - < v1.12*` +2 more versions

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/kubernetes/kubernetes/issues/76676

x_refsource_MISC

vdb-entry

x_refsource_BID

https://security.netapp.com/advisory/ntap-20190509-0002/

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.