5 matches found
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372), Docker (CVE-2019-17149, CVE-2019-17150), Kubernetes (CVE-2019-11245, CVE-2019-11253, CVE-2019-1022
Summary Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372, Docker CVE-2019-17149, CVE-2019-17150, Kubernetes CVE-2019-11245, CVE-2019-11253, CVE-2019-10223, CVE-2019-17110 Vulnerability Details...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Kubernetes (CVE-2019-17110, CVE-2019-10223, CVE-2019-11253)
Summary Security Vulnerabilities affect IBM Cloud Private - Kubernetes Vulnerability Details CVEID: CVE-2019-17110 DESCRIPTION: A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0 and v1.7.1 that enabled annotations to be exposed a...
CVE-2019-10223
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...
CVE-2019-10223
Kube-state-metrics before v1.7.2 exposes secret contents via metrics due to an experimental feature in v1.7.0/1.7.1 that combined with kubectl behavior can place secret data into metric labels. The issue was reverted and fixed in v1.7.2; users running 1.7.0/1.7.1 should upgrade to 1.7.2 as soon a...
CVE-2019-17110
CVE-2019-17110 concerns kube-state-metrics 1.7.x before 1.7.2, where an experimental feature exposed annotations as metrics. This could cause secret content to be leaked via metric labels when combined with default kubectl behavior. Root cause: enabling annotation-to-metric exposure. Impact: expo...