CVE-2019-11252
Advisory lineage Upstream: 0 Downstream: 2
Downstream
Modified
Published: 23 Jul 2020, 14:47
Last modified:17 Sept 2024, 04:24
Vulnerability Summary
Overall Risk (default)
medium
26/100 CVSS Score
6.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.36% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
23 Jul 2020, 14:47
Published
Vulnerability first disclosed
17 Sept 2024, 04:24
Last Modified
Vulnerability information updated
Description
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.9CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
- v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.36%• Percentile: 58%
Techniques & Countermeasures
- CWE-209•Generation of Error Message Containing Sensitive Information
The product generates an error message that includes sensitive information about its environment, users, or associated data.
Affected Systems
- kubernetes•kubernetes
≥ 1.0.0, ≤ 1.17.0 | 1.16 | 1.17 | 1.6 | 1.7 | 1.8 | 1.9 | 1.10 | 1.11 | 1.12 | 1.13 | 1.14 | 1.15