Lucene search

K
ubuntucveUbuntu.comUB:CVE-2019-11248
HistoryAug 29, 2019 - 12:00 a.m.

CVE-2019-11248

2019-08-2900:00:00
ubuntu.com
ubuntu.com
65

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.556 Medium

EPSS

Percentile

97.6%

The debugging endpoint /debug/pprof is exposed over the unauthenticated
Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet’s
healthz port. This debugging endpoint can potentially leak sensitive
information such as internal Kubelet memory addresses and configuration, or
for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8,
and 1.12.10 are affected. The issue is of medium severity, but not exposed
by the default configuration.

Notes

Author Note
leosilva kubernates is in fact a kubernetes installer that calls snap, not the package it self.

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.556 Medium

EPSS

Percentile

97.6%