CVE-2019-11248 Kubernetes kubelet exposes /debug/pprof info on healthz port

🗓️ 29 Aug 2019 00:26:08Reported by kubernetesType

Kubernetes kubelet exposes /debug/pprof info on healthz port. The debugging endpoint is exposed over the unauthenticated Kubelet healthz port, potentially leaking sensitive information

Reporter	Title	Published	Views	Family All 34
IBM Security Bulletins	Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerability (CVE-2019-11248)	19 Aug 201915:22	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Kubernetes affects IBM Watson Studio Local	20 Dec 201913:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server	1 Apr 202121:05	–	ibm
IBM Security Bulletins	Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kubernetes (CVE-2019-11248)	23 Nov 201916:46	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Secuity issues fixed for NPS softlayer provisioner.	11 Dec 202007:10	–	ibm
Circl	CVE-2019-11248	18 Jul 202203:11	–	circl
CVE	CVE-2019-11248	29 Aug 201900:26	–	cve
Debian CVE	CVE-2019-11248	29 Aug 201900:26	–	debiancve
Fedora	[SECURITY] Fedora 30 Update: kubernetes-1.15.2-1.fc30	26 Aug 201900:53	–	fedora
Tenable Nessus	Fedora 30 : kubernetes (2019-2b8ef08c95)	26 Aug 201900:00	–	nessus

[
  {
    "product": "Kubernetes",
    "vendor": "Kubernetes",
    "versions": [
      {
        "status": "affected",
        "version": "prior to 1.12.10"
      },
      {
        "status": "affected",
        "version": "prior to 1.13.8"
      },
      {
        "status": "affected",
        "version": "prior to 1.14.4"
      },
      {
        "status": "affected",
        "version": "1.1"
      },
      {
        "status": "affected",
        "version": "1.2"
      },
      {
        "status": "affected",
        "version": "1.4"
      },
      {
        "status": "affected",
        "version": "1.5"
      },
      {
        "status": "affected",
        "version": "1.6"
      },
      {
        "status": "affected",
        "version": "1.7"
      },
      {
        "status": "affected",
        "version": "1.8"
      },
      {
        "status": "affected",
        "version": "1.9"
      },
      {
        "status": "affected",
        "version": "1.10"
      },
      {
        "status": "affected",
        "version": "1.11"
      }
    ]
  }
]

Source	Link
groups	www.groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ
github	www.github.com/kubernetes/kubernetes/issues/81023
security	www.security.netapp.com/advisory/ntap-20190919-0003/

19 Sep 2019 16:06Current

7.9High risk

Vulners AI Score7.9

CVSS 36.5

EPSS0.91212

CWE-419