Tuesday, June 25, 2019

Vuln: Kubernetes CVE-2019-11246 Incomplete Fix Arbitrary File Overwrite Vulnerability



Kubernetes is prone to a vulnerability that may allow attackers to overwrite arbitrary files.

Successful exploits may allow an attacker to write arbitrary files in the context of the user running the affected application.

Versions prior to Kubernetes 1.12.9, 1.13.6, and 1.14.2 are vulnerable.

Exploit:



Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Info:



Bugtraq ID: 108866
Class: Input Validation Error
CVE: CVE-2019-11246
Remote: Yes
Local: No
Published: Jun 21 2019 12:00AM
Updated: Jun 21 2019 12:00AM
Credit: Kubernetes Product Security Committee
Vulnerable:
  Red Hat OpenShift Container Platform 3.9
  Red Hat OpenShift Container Platform 3.11
  Red Hat OpenShift Container Platform 3.10
  Red Hat Gluster Storage 3.0
  Kubernetes Kubernetes 1.14
  Kubernetes Kubernetes 1.13.5
  Kubernetes Kubernetes 1.13.4
  Kubernetes Kubernetes 1.13.3
  Kubernetes Kubernetes 1.13
  Kubernetes Kubernetes 1.12.7
  Kubernetes Kubernetes 1.12.6
  Kubernetes Kubernetes 1.12.5
  Kubernetes Kubernetes 1.12.4
  Kubernetes Kubernetes 1.12.3
  Kubernetes Kubernetes 1.12.2
  Kubernetes Kubernetes 1.12.1
  Kubernetes Kubernetes 1.12
  Kubernetes Kubernetes 1.11.9
  Kubernetes Kubernetes 1.11.8
  Kubernetes Kubernetes 1.11.7
  Kubernetes Kubernetes 1.11.6
  Kubernetes Kubernetes 1.11.5
  Kubernetes Kubernetes 1.11.4
  Kubernetes Kubernetes 1.11.3
  Kubernetes Kubernetes 1.11.2
  Kubernetes Kubernetes 1.11.1
  Kubernetes Kubernetes 1.11
Not Vulnerable:
  Kubernetes Kubernetes 1.14.2
  Kubernetes Kubernetes 1.13.6
  Kubernetes Kubernetes 1.12.9

References:



from SecurityFocus Vulnerabilities http://bit.ly/2X3ldj6
