High severity · NVD Advisory · Published Apr 22, 2019 · Updated Aug 4, 2024
CVE-2019-11243
Description
The rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In Kubernetes v1.12.0-v1.12.4 and v1.13.0, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig().
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| k8s.io/kubernetes (Go) | >= 1.12.0, < 1.12.5 | 1.12.5 |
| k8s.io/kubernetes (Go) | >= 1.13.0, < 1.13.1 | 1.13.1 |
Affected products
- Range: v1.12
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-gc2p-g4fg-29vh (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2019-11243 (ghsa, ADVISORY)
- www.securityfocus.com/bid/108053 (mitre, vdb-entry, x_refsource_BID)
- github.com/kubernetes/kubernetes/issues/76797 (ghsa, x_refsource_MISC, WEB)
- security.netapp.com/advisory/ntap-20190509-0002 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20190509-0002/ (mitre, x_refsource_CONFIRM)