Lucene search
K

5 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2020/03/06 8:58 p.m.42 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX (CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372), Docker (CVE-2019-17149, CVE-2019-17150), Kubernetes (CVE-2019-11245, CVE-2019-11253, CVE-2019-1022

Summary Security Bulletin: Security Vulnerabilities affect IBM Cloud Private for Data V2.1.0 NGINX CVE-2019-12206, CVE-2019-12207, CVE-2019-12208, CVE-2019-20372, Docker CVE-2019-17149, CVE-2019-17150, Kubernetes CVE-2019-11245, CVE-2019-11253, CVE-2019-10223, CVE-2019-17110 Vulnerability Details...

9.8CVSS1.2AI score0.25939EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/02/14 11:27 p.m.34 views

Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Kubernetes (CVE-2019-17110, CVE-2019-10223, CVE-2019-11253)

Summary Security Vulnerabilities affect IBM Cloud Private - Kubernetes Vulnerability Details CVEID: CVE-2019-17110 DESCRIPTION: A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0 and v1.7.1 that enabled annotations to be exposed a...

7.5CVSS0.1AI score0.25939EPSS
Exploits3Affected Software1
OSV
OSV
added 2019/11/05 12:15 p.m.38 views

CVE-2019-10223

A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of...

6.5CVSS6.6AI score0.0178EPSS
Exploits1References4
CVE
CVE
added 2019/11/05 11:40 a.m.76 views

CVE-2019-10223

Kube-state-metrics before v1.7.2 exposes secret contents via metrics due to an experimental feature in v1.7.0/1.7.1 that combined with kubectl behavior can place secret data into metric labels. The issue was reverted and fixed in v1.7.2; users running 1.7.0/1.7.1 should upgrade to 1.7.2 as soon a...

6.5CVSS6.4AI score0.0178EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2019/10/03 7:21 p.m.115 views

CVE-2019-17110

CVE-2019-17110 concerns kube-state-metrics 1.7.x before 1.7.2, where an experimental feature exposed annotations as metrics. This could cause secret content to be leaked via metric labels when combined with default kubectl behavior. Root cause: enabling annotation-to-metric exposure. Impact: expo...

6.5AI score
Exploits0
Rows per page
Query Builder