CVE-2019-6648
First published: Wed Sep 04 2019(Updated: )
On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.
Credit: f5sirt@f5.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Container Ingress Service | =1.9.0 | |
| Redhat Openshift |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2019-6648.
What is the severity of CVE-2019-6648?
The severity of CVE-2019-6648 is medium with a severity value of 4.4.
Which software versions are affected by CVE-2019-6648?
Version 1.9.0 of F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) are affected by CVE-2019-6648.
What is the risk of CVE-2019-6648?
CVE-2019-6648 poses a risk as the log files of F5 Container Ingress Service (CIS) may contain sensitive information such as SSL Private Keys and Private key Passphrases.
How can I mitigate CVE-2019-6648?
To mitigate CVE-2019-6648, ensure that DEBUG logging is disabled in F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr).
- agent/references
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/severity
- agent/author
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/f5
- canonical/f5 container ingress service
- version/f5 container ingress service/1.9.0
- vendor/redhat
- canonical/redhat openshift