Lucene search

MitreCVELIST:CVE-2019-12494

HistoryJun 05, 2019 - 6:44 p.m.

CVE-2019-12494

2019-06-0518:44:33

mitre

www.cve.org

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

51.6%

JSON

In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one’s own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked.

References

github.com/gardener/gardener/pull/874

github.com/gardener/vpn/issues/40

groups.google.com/forum/#%21topic/gardener/pH6dNIEhv-A

CVSS3

8.5

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.002

Percentile

51.6%

JSON

Related for CVELIST:CVE-2019-12494