Unrated severityNVD Advisory· Published Aug 29, 2019· Updated Sep 17, 2024

Kubernetes kubelet exposes /debug/pprof info on healthz port

CVE-2019-11248

Description

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.

Affected products

Kubernetes/Kubernetesv5
Range: prior to 1.12.10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/kubernetes/kubernetes/issues/81023mitrex_refsource_CONFIRM
groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJmitremailing-listx_refsource_MLIST
security.netapp.com/advisory/ntap-20190919-0003/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.073
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000