CVE-2019-11243 - OpenCVE

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Netapp	Trident
Kubernetes	Kubernetes

Configuration 1 [-]

OR	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes:1.13.0:::::::*

Configuration 2 [-]

cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/108053	Third Party Advisory VDB Entry
https://github.com/kubernetes/kubernetes/issues/76797	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190509-0002/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: kubernetes

Published: 2019-04-22T14:54:15

Updated: 2019-05-09T10:06:03

Reserved: 2019-04-17T00:00:00

Link: CVE-2019-11243

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-04-22T15:29:00.790

Modified: 2020-10-02T13:17:21.587

Link: CVE-2019-11243

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"lessThanOrEqual": "v1.12.4", "status": "affected", "version": "v1.12", "versionType": "custom"}, {"lessThanOrEqual": "v1.13.0", "status": "affected", "version": "v1.13", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Oleg Bulatov of Red Hat"}], "descriptions": [{"lang": "en", "value": "In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()"}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-271", "description": "CWE-271 Privilege Dropping / Lowering Errors", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-05-09T10:06:03", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/kubernetes/kubernetes/issues/76797"}, {"name": "108053", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108053"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190509-0002/"}], "source": {"discovery": "USER"}, "workarounds": [{"lang": "en", "value": "Clear the config.WrapTransport and config.Transport fields in addition to calling rest.AnonymousClientConfig()"}], "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "jordan@liggitt.net", "ID": "CVE-2019-11243", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"version_affected": "<=", "version_name": "v1.12", "version_value": "v1.12.4"}, {"version_affected": "<=", "version_name": "v1.13", "version_value": "v1.13.0"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Oleg Bulatov of Red Hat"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()"}]}, "generator": {"engine": "Vulnogram 0.0.6"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-271 Privilege Dropping / Lowering Errors"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kubernetes/kubernetes/issues/76797", "refsource": "MISC", "url": "https://github.com/kubernetes/kubernetes/issues/76797"}, {"name": "108053", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108053"}, {"name": "https://security.netapp.com/advisory/ntap-20190509-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190509-0002/"}]}, "source": {"discovery": "USER"}, "work_around": [{"lang": "en", "value": "Clear the config.WrapTransport and config.Transport fields in addition to calling rest.AnonymousClientConfig()"}]}}}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2019-11243", "datePublished": "2019-04-22T14:54:15", "dateReserved": "2019-04-17T00:00:00", "dateUpdated": "2019-05-09T10:06:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA1909D3-D45E-4AD4-B773-51ADCFC63113", "versionEndIncluding": "1.12.4", "versionStartIncluding": "1.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "E277E5AC-48ED-4993-9D3F-F0551E70BBE0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D9A34F5-AC03-4098-A37D-AD50727DDB11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()"}, {"lang": "es", "value": "En Kubernetes versi\u00f3n 1.12.0 hasta versi\u00f3n 1.12.4 y versi\u00f3n 1.13.0, el m\u00e9todo rest.AnonymousClientConfig() retorna una copia de la configuraci\u00f3n provista, con las credenciales removidas (token de portador, nombre de usuario/contrase\u00f1a y certificado/clave del cliente). En las versiones afectadas, la funci\u00f3n rest.AnonymousClientConfig() no limpi\u00f3 efectivamente las credenciales de cuenta de servicio cargadas usando la funci\u00f3n rest.InClusterConfig()."}], "id": "CVE-2019-11243", "lastModified": "2020-10-02T13:17:21.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "jordan@liggitt.net", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-22T15:29:00.790", "references": [{"source": "jordan@liggitt.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108053"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/76797"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190509-0002/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-212"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-271"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}