CVE-2019-11244 - OpenCVE

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Openshift Container Platform
Netapp	Trident
Kubernetes	Kubernetes

Configuration 1 [-]

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*
	cpe:2.3:a:redhat:openshift_container_platform:4.1:::::::*

References

Link	Resource
http://www.securityfocus.com/bid/108064	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:3942	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0020	Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0074	Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/76676	Third Party Advisory
https://security.netapp.com/advisory/ntap-20190509-0002/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: kubernetes

Published: 2019-04-22T14:54:15

Updated: 2020-01-21T19:06:10

Reserved: 2019-04-17T00:00:00

Link: CVE-2019-11244

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-04-22T15:29:00.837

Modified: 2020-10-02T13:18:57.443

Link: CVE-2019-11244

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"lessThan": "v1.8*", "status": "affected", "version": "v1.8.0", "versionType": "custom"}, {"lessThan": "v1.9*", "status": "affected", "version": "v1.9.0", "versionType": "custom"}, {"lessThan": "v1.10*", "status": "affected", "version": "v1.10.0", "versionType": "custom"}, {"lessThan": "v1.11*", "status": "affected", "version": "v1.11.0", "versionType": "custom"}, {"lessThan": "v1.12*", "status": "affected", "version": "v1.12.0", "versionType": "custom"}, {"lessThan": "v1.13*", "status": "affected", "version": "v1.13.0", "versionType": "custom"}, {"lessThan": "v1.14*", "status": "affected", "version": "v1.14.0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Jordan Zebor of F5 Networks"}], "descriptions": [{"lang": "en", "value": "In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-524", "description": "CWE-524 Information Exposure Through Caching", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-01-21T19:06:10", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/kubernetes/kubernetes/issues/76676"}, {"name": "108064", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108064"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190509-0002/"}, {"name": "RHSA-2019:3942", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:3942"}, {"name": "RHSA-2020:0020", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0020"}, {"name": "RHSA-2020:0074", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2020:0074"}], "source": {"discovery": "UNKNOWN"}, "title": "kubectl creates world-writeable cached schema files", "workarounds": [{"lang": "en", "value": "Use the default --http-cache location in the $HOME directory or point it at a directory that is only accessible to desired users/groups."}], "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "ID": "CVE-2019-11244", "STATE": "PUBLIC", "TITLE": "kubectl creates world-writeable cached schema files"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"version_affected": ">=", "version_name": "v1.8", "version_value": "v1.8.0"}, {"version_affected": ">=", "version_name": "v1.9", "version_value": "v1.9.0"}, {"version_affected": ">=", "version_name": "v1.10", "version_value": "v1.10.0"}, {"version_affected": ">=", "version_name": "v1.11", "version_value": "v1.11.0"}, {"version_affected": ">=", "version_name": "v1.12", "version_value": "v1.12.0"}, {"version_affected": ">=", "version_name": "v1.13", "version_value": "v1.13.0"}, {"version_affected": ">=", "version_name": "v1.14", "version_value": "v1.14.0"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Jordan Zebor of F5 Networks"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation."}]}, "generator": {"engine": "Vulnogram 0.0.6"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-524 Information Exposure Through Caching"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kubernetes/kubernetes/issues/76676", "refsource": "MISC", "url": "https://github.com/kubernetes/kubernetes/issues/76676"}, {"name": "108064", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108064"}, {"name": "https://security.netapp.com/advisory/ntap-20190509-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190509-0002/"}, {"name": "RHSA-2019:3942", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:3942"}, {"name": "RHSA-2020:0020", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0020"}, {"name": "RHSA-2020:0074", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2020:0074"}]}, "source": {"discovery": "UNKNOWN"}, "work_around": [{"lang": "en", "value": "Use the default --http-cache location in the $HOME directory or point it at a directory that is only accessible to desired users/groups."}]}}}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2019-11244", "datePublished": "2019-04-22T14:54:15", "dateReserved": "2019-04-17T00:00:00", "dateUpdated": "2020-01-21T19:06:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "A57F3AC4-5E09-4C16-91A7-80D54F8F968C", "versionEndIncluding": "1.14.1", "versionStartIncluding": "1.8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D9A34F5-AC03-4098-A37D-AD50727DDB11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation."}, {"lang": "es", "value": "En Kubernetes versi\u00f3n 1.8.x hasta versi\u00f3n 1.14.x, el componente kubectl almacena en cach\u00e9 la informaci\u00f3n del esquema en la ubicaci\u00f3n especificada por --cache-dir (defaulting to $HOME/.kube/http-cache), escrita con permisos world-writeable (rw-rw-rw-). Si se especifica --cache-dir y se apunta a una ubicaci\u00f3n distinta accesible para otros usuarios o grupos, los archivos escritos pueden ser modificados por otros usuarios o grupos e interrumpir la invocaci\u00f3n de Kubectl."}], "id": "CVE-2019-11244", "lastModified": "2020-10-02T13:18:57.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 0.8, "impactScore": 2.5, "source": "jordan@liggitt.net", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-22T15:29:00.837", "references": [{"source": "jordan@liggitt.net", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/108064"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2019:3942"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0020"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2020:0074"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/76676"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20190509-0002/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-524"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}