13 matches found
VulnCheck KEV: CVE-2019-11248
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for...
CVE-2019-11248
creationtimestamp| type| source ---|---|--- 2022-07-18 03:11:02+00:00| published-proof-of-concept| https://t.me/ctinow/55552 2024-10-03 01:20:50+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8661 2024-11-10 00:00:00+00:00| exploited| The Shadowserver...
Engel & Völkers Technology GmbH: CVE-2019-11248 on alertmanager.ev-cloud-platform.engelvoelkers.com
Summary: The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. Steps To Reproduce: Navigate to the following...
Security Bulletin: Open Source Secuity issues fixed for NPS softlayer provisioner.
Summary Fixed OSS issus for listed CVEs. Vulnerability Details CVEID: CVE-2020-7919 DESCRIPTION: Go is vulnerable to a denial of service. By sending a malformed X.509 certificate, a remote attacker could exploit this vulnerability to cause a system panic. CVSS Base score: 7.5 CVSS Temporal Score:...
CVE-2019-11248
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for...
Photon OS 2.0: Kubernetes PHSA-2019-2.0-0177
An update of the kubernetes package has been released. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2019-2.0-0177. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2019-11248
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for...
CVE-2019-11248 Kubernetes kubelet exposes /debug/pprof info on healthz port
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for...
CVE-2019-11248
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for...
CVE-2019-11248
CVE-2019-11248 describes exposure of the Go pprof debugging endpoint at /debug/pprof on the unauthenticated Kubelet healthz port. The connected nuclei template confirms the issue: the pprof endpoint is exposed via the Kubelet healthz port, potentially leaking internal Kubelet memory addresses and...
Fedora Update for kubernetes FEDORA-2019-2b8ef08c95
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 30 : kubernetes (2019-2b8ef08c95)
Update to v1.15.2 + carry upstream 81330 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable...
Security Bulletin: IBM Cloud Kubernetes Service is affected by Kubernetes security vulnerability (CVE-2019-11248)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubelet healthz port that exposes the debugging endpoint on localhost CVE-2019-11248 Vulnerability Details CVE-ID: CVE-2019-11248 Description: Kubernetes could allow a remote attacker to obtain sensitive...