CVE-2019-11244 kubectl creates world-writeable cached schema files

🗓️ 22 Apr 2019 14:54:15Reported by kubernetesType

kubectl creates world-writeable cached schema file

Reporter	Title	Published	Views	Family All 44
IBM Security Bulletins	Security Bulletin: IBM Event Streams is affected by kubectl vulnerabilities	12 Jul 201913:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to a Kubernetes vulnerability (CVE-ID: CVE-2019-11244)	2 Jan 202013:57	–	ibm
Circl	CVE-2019-11244	17 Aug 202522:39	–	circl
CVE	CVE-2019-11244	22 Apr 201914:54	–	cve
Debian CVE	CVE-2019-11244	22 Apr 201914:54	–	debiancve
Oracle linux	kubernetes security update	29 Jul 201900:00	–	oraclelinux
Oracle linux	kubeadm-ha-setup security update	29 Jul 201900:00	–	oraclelinux
Oracle linux	kubernetes security update	29 Jul 201900:00	–	oraclelinux
Oracle linux	kubernetes security update	29 Jul 201900:00	–	oraclelinux
Oracle linux	kubernetes security update	29 Jul 201900:00	–	oraclelinux

[
  {
    "product": "Kubernetes",
    "vendor": "Kubernetes",
    "versions": [
      {
        "lessThan": "v1.8*",
        "status": "affected",
        "version": "v1.8.0",
        "versionType": "custom"
      },
      {
        "lessThan": "v1.9*",
        "status": "affected",
        "version": "v1.9.0",
        "versionType": "custom"
      },
      {
        "lessThan": "v1.10*",
        "status": "affected",
        "version": "v1.10.0",
        "versionType": "custom"
      },
      {
        "lessThan": "v1.11*",
        "status": "affected",
        "version": "v1.11.0",
        "versionType": "custom"
      },
      {
        "lessThan": "v1.12*",
        "status": "affected",
        "version": "v1.12.0",
        "versionType": "custom"
      },
      {
        "lessThan": "v1.13*",
        "status": "affected",
        "version": "v1.13.0",
        "versionType": "custom"
      },
      {
        "lessThan": "v1.14*",
        "status": "affected",
        "version": "v1.14.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2020:0020
access	www.access.redhat.com/errata/RHSA-2020:0074
access	www.access.redhat.com/errata/RHSA-2019:3942
securityfocus	www.securityfocus.com/bid/108064
security	www.security.netapp.com/advisory/ntap-20190509-0002/
github	www.github.com/kubernetes/kubernetes/issues/76676

21 Jan 2020 19:06Current

5.2Medium risk

Vulners AI Score5.2

CVSS 33.3

EPSS0.00097

CWE-524