What is the severity of CVE-2019-11243?

The severity of CVE-2019-11243 is high with a CVSS score of 8.1.

What is the affected software for CVE-2019-11243?

The affected software for CVE-2019-11243 includes Kubernetes versions 1.12.0 to 1.12.4 and version 1.13.0 as well as Netapp Trident.

What is the reference for CVE-2019-11243?

The references for CVE-2019-11243 include the following: SecurityFocus BID 108053, GitHub issue #76797, and Netapp advisory NTAP-20190509-0002.

How can I fix CVE-2019-11243?

To fix CVE-2019-11243, it is recommended to upgrade to a non-vulnerable version of Kubernetes or apply the necessary patches and updates provided by the vendor.

Vulnerability/
CVE-2019-11243

high

8.1

CWE

212 271

22/4/2019

4/8/2024

CVE-2019-11243

Q: How does the rest.AnonymousClientConfig() method work in the affected versions?

In the affected versions, the rest.AnonymousClientConfig() method returns a copy of the provided config with credentials removed, such as the bearer token, username/password, and client certificate/key data.

First published: Mon Apr 22 2019(Updated: )

In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()

Credit: jordan@liggitt.net

Affected Software	Affected Version	How to fix
Kubernetes Kubernetes	>=1.12.0<=1.12.4
Kubernetes Kubernetes	=1.13.0
Netapp Trident

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2019-11243?
The severity of CVE-2019-11243 is high with a CVSS score of 8.1.
What is the affected software for CVE-2019-11243?
The affected software for CVE-2019-11243 includes Kubernetes versions 1.12.0 to 1.12.4 and version 1.13.0 as well as Netapp Trident.
How does the rest.AnonymousClientConfig() method work in the affected versions?
In the affected versions, the rest.AnonymousClientConfig() method returns a copy of the provided config with credentials removed, such as the bearer token, username/password, and client certificate/key data.
What is the reference for CVE-2019-11243?
The references for CVE-2019-11243 include the following: SecurityFocus BID 108053, GitHub issue #76797, and Netapp advisory NTAP-20190509-0002.
How can I fix CVE-2019-11243?
To fix CVE-2019-11243, it is recommended to upgrade to a non-vulnerable version of Kubernetes or apply the necessary patches and updates provided by the vendor.

collector/nvd-index
agent/weakness
agent/references
agent/severity
agent/author
agent/description
agent/event
agent/type
agent/last-modified-date
agent/first-publish-date
agent/softwarecombine
agent/tags
collector/mitre-cve
source/MITRE
vendor/kubernetes
canonical/kubernetes kubernetes
version/kubernetes kubernetes/1.12.0
version/kubernetes kubernetes/1.12.4
version/kubernetes kubernetes/1.13.0
vendor/netapp
canonical/netapp trident

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.