Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
symantecSymantec Security ResponseSMNTC-111260
HistoryAug 13, 2019 - 12:00 a.m.

Kubernetes CVE-2019-11250 Information Disclosure Vulnerability

2019-08-1300:00:00
Symantec Security Response
www.symantec.com
22
JSON

Description

Kubernetes is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain potentially sensitive information. Information obtained may aid in further attacks. Versions prior to Kubernetes 1.16.0 are vulnerable.

Technologies Affected

  • Cisco CloudCenter Suite 5.1.3
  • Cisco CloudCenter Suite 5.2.0
  • Kubernetes Kubernetes 1.12.0
  • Kubernetes Kubernetes 1.12.1
  • Kubernetes Kubernetes 1.12.10
  • Kubernetes Kubernetes 1.12.2
  • Kubernetes Kubernetes 1.12.3
  • Kubernetes Kubernetes 1.12.4
  • Kubernetes Kubernetes 1.12.5
  • Kubernetes Kubernetes 1.12.6
  • Kubernetes Kubernetes 1.12.7
  • Kubernetes Kubernetes 1.12.9
  • Kubernetes Kubernetes 1.13.0
  • Kubernetes Kubernetes 1.13.3
  • Kubernetes Kubernetes 1.13.4
  • Kubernetes Kubernetes 1.13.5
  • Kubernetes Kubernetes 1.13.6
  • Kubernetes Kubernetes 1.13.8
  • Kubernetes Kubernetes 1.14.0
  • Kubernetes Kubernetes 1.14.2
  • Kubernetes Kubernetes 1.14.3
  • Kubernetes Kubernetes 1.14.4
  • Kubernetes Kubernetes 1.15.0
  • Redhat OpenShift Container Platform 3.10
  • Redhat OpenShift Container Platform 3.11
  • Redhat OpenShift Container Platform 3.9
  • Redhat OpenShift Container Platform 4.1

Recommendations

Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isnโ€™t needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.

Run all software as a nonprivileged user with minimal access rights.
Run all non-administrative software as a non-administrative user with the least amount of privileges required to successfully operate. This will greatly reduce the potential damage that successful exploitation may achieve.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for anomalous or suspicious activity. Monitor logs (generated by NIDS and by the server) for evidence of attacks against the server.

Updates are available. Please see the references or vendor advisory for more information.

Related

gitlab 3
cve 1
github 1
nessus 6
ubuntucve 1
osv 4
prion 1
veracode 1
redhat 5
ibm 11
redhatcve 2
debiancve 1
hackerone 1
openvas 1
fedora 1
photon 6
gitlab
gitlab
Credentials Management
2019-08-29 00:00:00
Insertion of Sensitive Information into Log File
2022-05-24 00:00:00
Insertion of Sensitive Information into Log File
2022-05-24 00:00:00
cve
cve
CVE-2019-11250
2019-08-29 01:15:00
github
github
Kubernetes client-go library logs may disclose credentials to unauthorized users
2022-05-24 16:55:06
nessus
nessus
Photon OS 1.0: Kubernetes PHSA-2020-1.0-0288
2020-04-15 00:00:00
RHEL 7 : OpenShift Container Platform 3.11 atomic-openshift (RHSA-2019:4052)
2019-12-18 00:00:00
RHEL 7 / 8 : OpenShift Container Platform 4.1 openshift (RHSA-2019:4087)
2019-12-18 00:00:00
ubuntucve
ubuntucve
CVE-2019-11250
2019-08-29 00:00:00
osv
osv
Unauthorized credential disclosure in k8s.io/kubernetes and k8s.io/client-go
2021-04-14 20:04:52
CVE-2019-11250
2019-08-29 01:15:11
Kubernetes client-go library logs may disclose credentials to unauthorized users
2022-05-24 16:55:06
prion
prion
Design/Logic Flaw
2019-08-29 01:15:00
veracode
veracode
Information Disclosure
2019-08-14 02:24:54
redhat
redhat
(RHSA-2019:4052) Moderate: OpenShift Container Platform 3.11 atomic-openshift security update
2019-12-16 13:47:29
(RHSA-2019:4087) Moderate: OpenShift Container Platform 4.1 openshift security update
2019-12-17 01:57:41
(RHSA-2021:5085) Moderate: Red Hat OpenShift Data Foundation 4.9.0 enhancement, security, and bug fix update
2021-12-13 15:18:58
ibm
ibm
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kubernetes (CVE-2019-11250)
2019-11-23 15:24:42
Security Bulletin: IBM Cloud Pak for Data Scheduling contains a vulnerable kubectl package ( CVE-2019-11250 )
2023-12-06 16:00:08
Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak
2022-08-20 18:32:48
redhatcve
redhatcve
CVE-2019-11250
2019-08-13 02:23:16
CVE-2020-8565
2020-10-16 00:02:11
debiancve
debiancve
CVE-2019-11250
2019-08-29 01:15:00
hackerone
hackerone
Kubernetes: CVE-2019-11250 remains in effect.
2020-08-06 17:42:21
openvas
openvas
Fedora Update for kubernetes FEDORA-2019-2b8ef08c95
2019-08-27 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: kubernetes-1.15.2-1.fc30
2019-08-26 00:53:13
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0288
2020-04-11 00:00:00
Important Photon OS Security Update - PHSA-2020-0288
2020-04-11 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0229
2020-04-14 00:00:00
JSON
Related for SMNTC-111260
gitlab3cve1github1nessus6ubuntucve1osv4prion1veracode1redhat5ibm11redhatcve2debiancve1hackerone1openvas1fedora1photon6