All the vulnerabilites related to kubernetes - kubernetes
cve-2024-3177
Vulnerability from cvelistv5
Published
2024-04-22 23:00
Modified
2024-09-10 20:48
Severity ?
EPSS score ?
Summary
A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ | mailing-list | |
| https://github.com/kubernetes/kubernetes/issues/124336 | issue-tracking |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: 0 ≤ 1.27.12 Version: v1.28.0 - v1.28.8 Version: v1.29.0 - v1.29.3 |
|
|
|||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kubernetes",
"vendor": "kubernetes",
"versions": [
{
"status": "affected",
"version": "1.29.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3177",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T00:12:31.706727Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:33:03.250Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/124336"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL54MTLGMTBZZO5PYGEGEBERTMADC4WC/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/04/16/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.27.12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "affected",
"version": "v1.28.0 - v1.28.8"
},
{
"status": "affected",
"version": "v1.29.0 - v1.29.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "tha3e1vl"
}
],
"datePublic": "2024-04-16T10:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account\u2019s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated.\u003c/div\u003e"
}
],
"value": "A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account\u2019s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T20:48:09.780Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/124336"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eTo mitigate this vulnerability, upgrade Kubernetes: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/\"\u003ehttps://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/\u003c/a\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "To mitigate this vulnerability, upgrade Kubernetes: https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2024-3177",
"datePublished": "2024-04-22T23:00:39.702Z",
"dateReserved": "2024-04-01T23:49:13.716Z",
"dateUpdated": "2024-09-10T20:48:09.780Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1905
Vulnerability from cvelistv5
Published
2016-02-03 15:00
Modified
2024-08-05 23:10
Severity ?
EPSS score ?
Summary
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/19479 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.348Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/19479"
},
{
"name": "RHSA-2016:0070",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-02-03T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/19479"
},
{
"name": "RHSA-2016:0070",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-1905",
"datePublished": "2016-02-03T15:00:00",
"dateReserved": "2016-01-14T00:00:00",
"dateUpdated": "2024-08-05T23:10:40.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3955
Vulnerability from cvelistv5
Published
2023-10-31 20:36
Modified
2024-10-15 17:57
Severity ?
EPSS score ?
Summary
A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | kubelet |
Version: v1.28.0 Version: v1.27.0 ≤ v1.27.4 Version: v1.26.0 ≤ v1.26.7 Version: v1.25.0 ≤ v1.25.12 Version: 0 ≤ v1.24.16 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:08:50.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119595"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231221-0002/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubernetes:kubelet:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kubelet",
"vendor": "kubernetes",
"versions": [
{
"status": "affected",
"version": "1.28.0"
},
{
"lessThanOrEqual": "1.27.4",
"status": "affected",
"version": "1.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.26.7",
"status": "affected",
"version": "1.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.25.12",
"status": "affected",
"version": "1.25.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.28.1"
},
{
"status": "unaffected",
"version": "1.27.5"
},
{
"status": "unaffected",
"version": "1.26.8"
},
{
"status": "unaffected",
"version": "1.25.13"
},
{
"status": "unaffected",
"version": "1.24.17"
},
{
"lessThanOrEqual": "1.24.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3955",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:15:32.217974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T17:57:40.577Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "kubelet",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v1.28.0"
},
{
"lessThanOrEqual": "v1.27.4",
"status": "affected",
"version": "v1.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.26.7",
"status": "affected",
"version": "v1.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.25.12",
"status": "affected",
"version": "v1.25.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v1.28.1"
},
{
"status": "unaffected",
"version": "v1.27.5"
},
{
"status": "unaffected",
"version": "v1.26.8"
},
{
"status": "unaffected",
"version": "v1.25.13"
},
{
"status": "unaffected",
"version": "v1.24.17"
},
{
"lessThanOrEqual": "v1.24.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "James Sturtevant"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Mark Rossetti"
}
],
"datePublic": "2023-08-23T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\u003cbr\u003e"
}
],
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T20:36:54.352Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119595"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231221-0002/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-3955",
"datePublished": "2023-10-31T20:36:54.352Z",
"dateReserved": "2023-07-26T13:51:11.192Z",
"dateUpdated": "2024-10-15T17:57:40.577Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25736
Vulnerability from cvelistv5
Published
2023-10-30 02:19
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
Kube-proxy
on Windows can unintentionally forward traffic to local processes
listening on the same port (“spec.ports[*].port”) as a LoadBalancer
Service when the LoadBalancer controller
does not set the “status.loadBalancer.ingress[].ip” field. Clusters
where the LoadBalancer controller sets the
“status.loadBalancer.ingress[].ip” field are unaffected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: 0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:28.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/99958"
},
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231221-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Kube-Proxy"
],
"platforms": [
"Windows"
],
"product": "Kubernetes",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "v1.20.5",
"status": "affected",
"version": "0",
"versionType": "v1.20.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Eric Paris "
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Christian Hernandez"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nKube-proxy\n on Windows can unintentionally forward traffic to local processes \nlistening on the same port (\u201cspec.ports[*].port\u201d) as a LoadBalancer \nService when the LoadBalancer controller\n does not set the \u201cstatus.loadBalancer.ingress[].ip\u201d field. Clusters \nwhere the LoadBalancer controller sets the \n\u201cstatus.loadBalancer.ingress[].ip\u201d field are unaffected.\u003cu\u003e\u003c/u\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e"
}
],
"value": "Kube-proxy\n on Windows can unintentionally forward traffic to local processes \nlistening on the same port (\u201cspec.ports[*].port\u201d) as a LoadBalancer \nService when the LoadBalancer controller\n does not set the \u201cstatus.loadBalancer.ingress[].ip\u201d field. Clusters \nwhere the LoadBalancer controller sets the \n\u201cstatus.loadBalancer.ingress[].ip\u201d field are unaffected.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-30T02:19:48.916Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/pull/99958"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231221-0003/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis issue has been fixed in the following versions:\u003cu\u003e\u003c/u\u003e\u003cu\u003e\u003c/u\u003e\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003e\nv1.21.0\u003cu\u003e\u003c/u\u003e\u003cu\u003e\u003c/u\u003e\u003c/li\u003e\u003cli\u003e\nv1.20.6\u003cu\u003e\u003c/u\u003e\u003cu\u003e\u003c/u\u003e\u003c/li\u003e\u003cli\u003e\nv1.19.10\u003cu\u003e\u003c/u\u003e\u003cu\u003e\u003c/u\u003e\u003c/li\u003e\u003cli\u003e\nv1.18.18\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "This issue has been fixed in the following versions:\n\n\n\n * \nv1.21.0\n * \nv1.20.6\n * \nv1.19.10\n * \nv1.18.18\n\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Windows kube-proxy LoadBalancer contention",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25736",
"datePublished": "2023-10-30T02:19:48.916Z",
"dateReserved": "2021-01-21T21:42:58.237Z",
"dateUpdated": "2024-08-03T20:11:28.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8555
Vulnerability from cvelistv5
Published
2020-06-04 21:50
Modified
2024-09-16 18:39
Severity ?
EPSS score ?
Summary
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2020/06/01/4 | mailing-list, x_refsource_MLIST | |
| https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion | mailing-list, x_refsource_MLIST | |
| https://github.com/kubernetes/kubernetes/issues/91542 | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.netapp.com/advisory/ntap-20200724-0005/ | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2021/05/04/8 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: 1.18.0 Version: 1.1 Version: 1.2 Version: 1.3 Version: 1.4 Version: 1.5 Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 Version: 1.12 Version: 1.13 Version: 1.14 Version: 1.15 < 1.15.12 Version: 1.16 < 1.16.9 Version: 1.17 < 1.17.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.110Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"
},
{
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/91542"
},
{
"name": "FEDORA-2020-aeea04cd13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0005/"
},
{
"name": "[oss-security] 20210504 [kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "1.18.0"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.14"
},
{
"lessThan": "1.15.12",
"status": "affected",
"version": "1.15",
"versionType": "custom"
},
{
"lessThan": "1.16.9",
"status": "affected",
"version": "1.16",
"versionType": "custom"
},
{
"lessThan": "1.17.5",
"status": "affected",
"version": "1.17",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Brice Augras from Groupe-Asten and Christophe Hauquiert from Nokia"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master\u0027s host network (such as link-local or loopback services)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-04T20:06:18",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"name": "[oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"
},
{
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/91542"
},
{
"name": "FEDORA-2020-aeea04cd13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0005/"
},
{
"name": "[oss-security] 20210504 [kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/91542"
],
"discovery": "EXTERNAL"
},
"title": "Kubernetes kube-controller-manager SSRF",
"workarounds": [
{
"lang": "en",
"value": "Prior to upgrading, this vulnerability can be mitigated by adding endpoint protections on the master or restricting usage of the vulnerable volume types (for example by constraining usage with a PodSecurityPolicy or third-party admission controller such as Gatekeeper) and restricting StorageClass write permissions through RBAC."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "",
"ID": "CVE-2020-8555",
"STATE": "PUBLIC",
"TITLE": "Kubernetes kube-controller-manager SSRF"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.15",
"version_value": "1.15.12"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.16",
"version_value": "1.16.9"
},
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.17",
"version_value": "1.17.5"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.18.0"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.1"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.2"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.3"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.4"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.5"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.6"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.7"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.8"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.9"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.10"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.11"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.12"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.13"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.14"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Brice Augras from Groupe-Asten and Christophe Hauquiert from Nokia"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master\u0027s host network (such as link-local or loopback services)."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"
},
{
"name": "",
"refsource": "MLIST",
"url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/91542",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/91542"
},
{
"name": "FEDORA-2020-aeea04cd13",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200724-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200724-0005/"
},
{
"name": "[oss-security] 20210504 [kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://github.com/kubernetes/kubernetes/issues/91542"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Prior to upgrading, this vulnerability can be mitigated by adding endpoint protections on the master or restricting usage of the vulnerable volume types (for example by constraining usage with a PodSecurityPolicy or third-party admission controller such as Gatekeeper) and restricting StorageClass write permissions through RBAC."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8555",
"datePublished": "2020-06-04T21:50:11.749943Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-16T18:39:58.006Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25735
Vulnerability from cvelistv5
Published
2021-09-06 11:32
Modified
2024-09-16 23:40
Severity ?
EPSS score ?
Summary
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y | x_refsource_MISC | |
| https://github.com/kubernetes/kubernetes/issues/100096 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/100096"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.18.17",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.19.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rogerio Bastos \u0026 Ari Lima"
}
],
"datePublic": "2021-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-372",
"description": "CWE-372 Incomplete Internal State Distinction",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-06T11:32:00",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/100096"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/100096"
],
"discovery": "EXTERNAL"
},
"title": "Validating Admission Webhook does not observe some previous fields",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-04-14T16:00:00.000Z",
"ID": "CVE-2021-25735",
"STATE": "PUBLIC",
"TITLE": "Validating Admission Webhook does not observe some previous fields"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.18.17"
},
{
"version_affected": "\u003c=",
"version_value": "1.19.9"
},
{
"version_affected": "\u003c=",
"version_value": "1.20.5"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rogerio Bastos \u0026 Ari Lima"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-372 Incomplete Internal State Distinction"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/100096",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/100096"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/100096"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25735",
"datePublished": "2021-09-06T11:32:00.853331Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-16T23:40:25.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1002105
Vulnerability from cvelistv5
Published
2018-12-05 21:00
Modified
2024-08-05 12:47
Severity ?
EPSS score ?
Summary
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.0.x Version: v1.1.x Version: v1.2.x Version: v1.3.x Version: v1.4.x Version: v1.5.x Version: v1.6.x Version: v1.7.x Version: v1.8.x Version: v1.9.x Version: unspecified < v1.10.11 Version: unspecified < v1.11.5 Version: unspecified < v1.12.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88"
},
{
"name": "46053",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46053/"
},
{
"name": "RHSA-2018:3549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3549"
},
{
"name": "RHSA-2018:3752",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3752"
},
{
"name": "46052",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/46052/"
},
{
"name": "RHSA-2018:3624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3624"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/71411"
},
{
"name": "RHSA-2018:3742",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3742"
},
{
"name": "RHSA-2018:3754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3754"
},
{
"name": "RHSA-2018:3537",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3537"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/evict/poc_CVE-2018-1002105"
},
{
"name": "RHSA-2018:3598",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3598"
},
{
"name": "RHSA-2018:3551",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3551"
},
{
"name": "106068",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106068"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "openSUSE-SU-2020:0554",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v1.0.x"
},
{
"status": "affected",
"version": "v1.1.x"
},
{
"status": "affected",
"version": "v1.2.x"
},
{
"status": "affected",
"version": "v1.3.x"
},
{
"status": "affected",
"version": "v1.4.x"
},
{
"status": "affected",
"version": "v1.5.x"
},
{
"status": "affected",
"version": "v1.6.x"
},
{
"status": "affected",
"version": "v1.7.x"
},
{
"status": "affected",
"version": "v1.8.x"
},
{
"status": "affected",
"version": "v1.9.x"
},
{
"lessThan": "v1.10.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.11.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.12.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Darren Shepherd"
}
],
"dateAssigned": "2018-11-05T00:00:00",
"datePublic": "2018-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Unchecked Error Condition",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-26T20:06:09",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88"
},
{
"name": "46053",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46053/"
},
{
"name": "RHSA-2018:3549",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3549"
},
{
"name": "RHSA-2018:3752",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3752"
},
{
"name": "46052",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/46052/"
},
{
"name": "RHSA-2018:3624",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3624"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/71411"
},
{
"name": "RHSA-2018:3742",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3742"
},
{
"name": "RHSA-2018:3754",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3754"
},
{
"name": "RHSA-2018:3537",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3537"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/evict/poc_CVE-2018-1002105"
},
{
"name": "RHSA-2018:3598",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3598"
},
{
"name": "RHSA-2018:3551",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3551"
},
{
"name": "106068",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106068"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "openSUSE-SU-2020:0554",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_ASSIGNED": "2018-11-05",
"ID": "CVE-2018-1002105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.0.x"
},
{
"version_affected": "=",
"version_value": "v1.1.x"
},
{
"version_affected": "=",
"version_value": "v1.2.x"
},
{
"version_affected": "=",
"version_value": "v1.3.x"
},
{
"version_affected": "=",
"version_value": "v1.4.x"
},
{
"version_affected": "=",
"version_value": "v1.5.x"
},
{
"version_affected": "=",
"version_value": "v1.6.x"
},
{
"version_affected": "=",
"version_value": "v1.7.x"
},
{
"version_affected": "=",
"version_value": "v1.8.x"
},
{
"version_affected": "=",
"version_value": "v1.9.x"
},
{
"version_affected": "\u003c",
"version_value": "v1.10.11"
},
{
"version_affected": "\u003c",
"version_value": "v1.11.5"
},
{
"version_affected": "\u003c",
"version_value": "v1.12.3"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
"Reported by Darren Shepherd"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unchecked Error Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88"
},
{
"name": "46053",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46053/"
},
{
"name": "RHSA-2018:3549",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3549"
},
{
"name": "RHSA-2018:3752",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3752"
},
{
"name": "46052",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46052/"
},
{
"name": "RHSA-2018:3624",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3624"
},
{
"name": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do",
"refsource": "MISC",
"url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/71411",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/71411"
},
{
"name": "RHSA-2018:3742",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3742"
},
{
"name": "RHSA-2018:3754",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3754"
},
{
"name": "RHSA-2018:3537",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3537"
},
{
"name": "https://github.com/evict/poc_CVE-2018-1002105",
"refsource": "MISC",
"url": "https://github.com/evict/poc_CVE-2018-1002105"
},
{
"name": "RHSA-2018:3598",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3598"
},
{
"name": "RHSA-2018:3551",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3551"
},
{
"name": "106068",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106068"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190416-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
},
{
"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"name": "openSUSE-SU-2020:0554",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2018-1002105",
"datePublished": "2018-12-05T21:00:00",
"dateReserved": "2018-12-05T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11254
Vulnerability from cvelistv5
Published
2020-04-01 20:30
Modified
2024-09-16 23:16
Severity ?
EPSS score ?
Summary
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/89535 | x_refsource_MISC | |
| https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200413-0003/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: prior to 1.15.10 Version: prior to 1.16.7 Version: prior to 1.17.3 Version: 1.1 Version: 1.2 Version: 1.3 Version: 1.4 Version: 1.5 Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 Version: 1.12 Version: 1.13 Version: 1.14 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89535"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "prior to 1.15.10"
},
{
"status": "affected",
"version": "prior to 1.16.7"
},
{
"status": "affected",
"version": "prior to 1.17.3"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.14"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mike Danese of Google"
}
],
"datePublic": "2020-03-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1050",
"description": "CWE-1050: Excessive Platform Resource Consumption within a Loop",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-13T08:06:01",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89535"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/89535"
],
"discovery": "INTERNAL"
},
"title": "Kubernetes API Server denial of service vulnerability from malicious YAML payloads",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-03-31T23:07:00.000Z",
"ID": "CVE-2019-11254",
"STATE": "PUBLIC",
"TITLE": "Kubernetes API Server denial of service vulnerability from malicious YAML payloads"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "prior to 1.15.10"
},
{
"version_value": "prior to 1.16.7"
},
{
"version_value": "prior to 1.17.3"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.3"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
},
{
"version_value": "1.9"
},
{
"version_value": "1.10"
},
{
"version_value": "1.11"
},
{
"version_value": "1.12"
},
{
"version_value": "1.13"
},
{
"version_value": "1.14"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Mike Danese of Google"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-1050: Excessive Platform Resource Consumption within a Loop"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/89535",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/89535"
},
{
"name": "https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200413-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/89535"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11254",
"datePublished": "2020-04-01T20:30:15.907694Z",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-09-16T23:16:55.380Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1000056
Vulnerability from cvelistv5
Published
2017-07-13 20:00
Modified
2024-08-05 21:53
Severity ?
EPSS score ?
Summary
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/43459 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.410Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/43459"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-05-06T00:00:00",
"datePublic": "2017-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-13T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/43459"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-05-06T20:43:28.307771",
"ID": "CVE-2017-1000056",
"REQUESTER": "jliggitt@redhat.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/43459",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/43459"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000056",
"datePublished": "2017-07-13T20:00:00",
"dateReserved": "2017-07-10T00:00:00",
"dateUpdated": "2024-08-05T21:53:06.410Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11253
Vulnerability from cvelistv5
Published
2019-10-17 15:40
Modified
2024-09-16 23:21
Severity ?
EPSS score ?
Summary
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/83253 | x_refsource_CONFIRM | |
| https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2019:3239 | vendor-advisory, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20191031-0006/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2019:3811 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:3905 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: prior to 1.13.12 Version: prior to 1.14.8 Version: prior to 1.15.5 Version: prior to 1.16.2 Version: 1.1 Version: 1.2 Version: 1.3 Version: 1.4 Version: 1.5 Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 Version: 1.12 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.095Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/83253"
},
{
"name": "CVE-2019-11253: denial of service vulnerability from malicious YAML or JSON payloads",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs"
},
{
"name": "RHSA-2019:3239",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0006/"
},
{
"name": "RHSA-2019:3811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
},
{
"name": "RHSA-2019:3905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3905"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "prior to 1.13.12"
},
{
"status": "affected",
"version": "prior to 1.14.8"
},
{
"status": "affected",
"version": "prior to 1.15.5"
},
{
"status": "affected",
"version": "prior to 1.16.2"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rory McCune"
}
],
"datePublic": "2019-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-18T20:06:59",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/83253"
},
{
"name": "CVE-2019-11253: denial of service vulnerability from malicious YAML or JSON payloads",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs"
},
{
"name": "RHSA-2019:3239",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0006/"
},
{
"name": "RHSA-2019:3811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
},
{
"name": "RHSA-2019:3905",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3905"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/83253"
],
"discovery": "USER"
},
"title": "Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack",
"workarounds": [
{
"lang": "en",
"value": "Exposure to requests from unauthenticated users can be mitigated by removing all write permissions from unauthenticated users, following instructions at https://github.com/kubernetes/kubernetes/issues/83253"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2019-09-27",
"ID": "CVE-2019-11253",
"STATE": "PUBLIC",
"TITLE": "Kubernetes API Server JSON/YAML parsing vulnerable to resource exhaustion attack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "prior to 1.13.12"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "prior to 1.14.8"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "prior to 1.15.5"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "prior to 1.16.2"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.1"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.2"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.3"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.4"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.5"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.6"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.7"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.8"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.9"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.10"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.11"
},
{
"platform": "",
"version_affected": "",
"version_name": "",
"version_value": "1.12"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Rory McCune"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/83253",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/83253"
},
{
"name": "CVE-2019-11253: denial of service vulnerability from malicious YAML or JSON payloads",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs"
},
{
"name": "RHSA-2019:3239",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"name": "https://security.netapp.com/advisory/ntap-20191031-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20191031-0006/"
},
{
"name": "RHSA-2019:3811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
},
{
"name": "RHSA-2019:3905",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3905"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://github.com/kubernetes/kubernetes/issues/83253"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Exposure to requests from unauthenticated users can be mitigated by removing all write permissions from unauthenticated users, following instructions at https://github.com/kubernetes/kubernetes/issues/83253"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11253",
"datePublished": "2019-10-17T15:40:10.154574Z",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-09-16T23:21:47.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8557
Vulnerability from cvelistv5
Published
2020-07-23 16:59
Modified
2024-09-17 03:14
Severity ?
EPSS score ?
Summary
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/93032 | x_refsource_CONFIRM | |
| https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20200821-0002/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: 1.15 Version: 1.14 Version: 1.13 Version: 1.12 Version: 1.11 Version: 1.10 Version: 1.9 Version: 1.8 Version: 1.7 Version: 1.6 Version: 1.5 Version: 1.4 Version: 1.3 Version: 1.2 Version: 1.1 Version: 1.18 < 1.18.6 Version: 1.17 < 1.17.9 Version: 1.16 < 1.16.13 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/93032"
},
{
"name": "[Security Advisory] CVE-2020-8557: Node disk DOS by writing to container /etc/hosts",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "1.15"
},
{
"status": "affected",
"version": "1.14"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.1"
},
{
"lessThan": "1.18.6",
"status": "affected",
"version": "1.18",
"versionType": "custom"
},
{
"lessThan": "1.17.9",
"status": "affected",
"version": "1.17",
"versionType": "custom"
},
{
"lessThan": "1.16.13",
"status": "affected",
"version": "1.16",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kebe Liu of DaoCloud"
}
],
"datePublic": "2020-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T09:06:14",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/93032"
},
{
"name": "[Security Advisory] CVE-2020-8557: Node disk DOS by writing to container /etc/hosts",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0002/"
}
],
"source": {
"discovery": "USER"
},
"title": "Kubernetes node disk Denial of Service by writing to container /etc/hosts",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-07-15T00:00:00.000Z",
"ID": "CVE-2020-8557",
"STATE": "PUBLIC",
"TITLE": "Kubernetes node disk Denial of Service by writing to container /etc/hosts"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.18",
"version_value": "1.18.6"
},
{
"version_affected": "\u003c",
"version_name": "1.17",
"version_value": "1.17.9"
},
{
"version_affected": "\u003c",
"version_name": "1.16",
"version_value": "1.16.13"
},
{
"version_value": "1.15"
},
{
"version_value": "1.14"
},
{
"version_value": "1.13"
},
{
"version_value": "1.12"
},
{
"version_value": "1.11"
},
{
"version_value": "1.10"
},
{
"version_value": "1.9"
},
{
"version_value": "1.8"
},
{
"version_value": "1.7"
},
{
"version_value": "1.6"
},
{
"version_value": "1.5"
},
{
"version_value": "1.4"
},
{
"version_value": "1.3"
},
{
"version_value": "1.2"
},
{
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kebe Liu of DaoCloud"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400 Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/93032",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/93032"
},
{
"name": "[Security Advisory] CVE-2020-8557: Node disk DOS by writing to container /etc/hosts",
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200821-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200821-0002/"
}
]
},
"source": {
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8557",
"datePublished": "2020-07-23T16:59:38.580465Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-17T03:14:05.177Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8564
Vulnerability from cvelistv5
Published
2020-12-07 22:00
Modified
2024-09-16 17:32
Severity ?
EPSS score ?
Summary
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | mailing-list, x_refsource_MLIST | |
| https://github.com/kubernetes/kubernetes/issues/95622 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20210122-0006/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: < 1.19.3 Version: < 1.18.10 Version: < 1.17.13 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Multiple secret leaks when verbose logging is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "\u003c 1.19.3"
},
{
"status": "affected",
"version": "\u003c 1.18.10"
},
{
"status": "affected",
"version": "\u003c 1.17.13"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Nikolaos Moraitis (Red Hat)"
}
],
"datePublic": "2020-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects \u003c v1.19.3, \u003c v1.18.10, \u003c v1.17.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-22T12:06:18",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"name": "Multiple secret leaks when verbose logging is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/95622"
],
"discovery": "EXTERNAL"
},
"title": "Docker config secrets leaked when file is malformed and loglevel \u003e= 4",
"workarounds": [
{
"lang": "en",
"value": "Do not enable verbose logging in production (log level \u003e= 4), limit access to logs."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-10-15T04:00:00.000Z",
"ID": "CVE-2020-8564",
"STATE": "PUBLIC",
"TITLE": "Docker config secrets leaked when file is malformed and loglevel \u003e= 4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "\u003c 1.19.3"
},
{
"version_value": "\u003c 1.18.10"
},
{
"version_value": "\u003c 1.17.13"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Nikolaos Moraitis (Red Hat)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects \u003c v1.19.3, \u003c v1.18.10, \u003c v1.17.13."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Multiple secret leaks when verbose logging is enabled",
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/95622",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/95622"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210122-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/95622"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Do not enable verbose logging in production (log level \u003e= 4), limit access to logs."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8564",
"datePublished": "2020-12-07T22:00:22.445619Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-16T17:32:40.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25737
Vulnerability from cvelistv5
Published
2021-09-06 11:32
Modified
2024-09-16 21:04
Severity ?
EPSS score ?
Summary
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY | x_refsource_MISC | |
| https://github.com/kubernetes/kubernetes/issues/102106 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20211004-0004/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/102106"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211004-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.18.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.19.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.21.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "John Howard"
}
],
"datePublic": "2021-05-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184 Incomplete Blacklist",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T18:06:22",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/102106"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211004-0004/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/102106"
],
"discovery": "EXTERNAL"
},
"title": "Holes in EndpointSlice Validation Enable Host Network Hijack",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-05-18T19:00:00.000Z",
"ID": "CVE-2021-25737",
"STATE": "PUBLIC",
"TITLE": "Holes in EndpointSlice Validation Enable Host Network Hijack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.18.18"
},
{
"version_affected": "\u003c=",
"version_value": "1.19.10"
},
{
"version_affected": "\u003c=",
"version_value": "1.20.6"
},
{
"version_affected": "\u003c=",
"version_value": "1.21.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "John Howard"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-184 Incomplete Blacklist"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/102106",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/102106"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211004-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211004-0004/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/102106"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25737",
"datePublished": "2021-09-06T11:32:01.989085Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-16T21:04:34.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8559
Vulnerability from cvelistv5
Published
2020-07-22 13:47
Modified
2024-09-16 17:58
Severity ?
EPSS score ?
Summary
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ | x_refsource_MISC | |
| https://github.com/kubernetes/kubernetes/issues/92914 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200810-0004/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 Version: 1.12 Version: 1.13 Version: 1.14 Version: 1.15 Version: 1.16 < Version: 1.17 < Version: 1.18 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.331Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/92914"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200810-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.14"
},
{
"status": "affected",
"version": "1.15"
},
{
"lessThanOrEqual": "1.16.12",
"status": "affected",
"version": "1.16",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.17.8",
"status": "affected",
"version": "1.17",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.18.5",
"status": "affected",
"version": "1.18",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Wouter ter Maat of Offensi"
}
],
"datePublic": "2020-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-10T11:06:09",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/92914"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200810-0004/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/92914"
],
"discovery": "EXTERNAL"
},
"title": "Privilege escalation from compromised node to cluster",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-07-15T16:00:00.000Z",
"ID": "CVE-2020-8559",
"STATE": "PUBLIC",
"TITLE": "Privilege escalation from compromised node to cluster"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "1.16",
"version_value": "1.16.12"
},
{
"version_affected": "\u003c=",
"version_name": "1.17",
"version_value": "1.17.8"
},
{
"version_affected": "\u003c=",
"version_name": "1.18",
"version_value": "1.18.5"
},
{
"version_name": "1.6",
"version_value": "1.6"
},
{
"version_name": "1.7",
"version_value": "1.7"
},
{
"version_name": "1.8",
"version_value": "1.8"
},
{
"version_name": "1.9",
"version_value": "1.9"
},
{
"version_name": "1.10",
"version_value": "1.10"
},
{
"version_name": "1.11",
"version_value": "1.11"
},
{
"version_name": "1.12",
"version_value": "1.12"
},
{
"version_name": "1.13",
"version_value": "1.13"
},
{
"version_name": "1.14",
"version_value": "1.14"
},
{
"version_name": "1.15",
"version_value": "1.15"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Wouter ter Maat of Offensi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/92914",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/92914"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200810-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200810-0004/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/92914"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8559",
"datePublished": "2020-07-22T13:47:08.684571Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-16T17:58:15.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11249
Vulnerability from cvelistv5
Published
2019-08-29 00:26
Modified
2024-09-16 18:19
Severity ?
EPSS score ?
Summary
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ | mailing-list, x_refsource_MLIST | |
| https://github.com/kubernetes/kubernetes/issues/80984 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20190919-0003/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHBA-2019:2816 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHBA-2019:2794 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHBA-2019:2824 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:3239 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:3811 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: prior to 1.13.9 Version: prior to 1.14.5 Version: prior to 1.15.2 Version: 1.1 Version: 1.2 Version: 1.4 Version: 1.5 Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 Version: 1.12 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:08.982Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/80984"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"name": "RHBA-2019:2816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2816"
},
{
"name": "RHBA-2019:2794",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2794"
},
{
"name": "RHBA-2019:2824",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"name": "RHSA-2019:3239",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"name": "RHSA-2019:3811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "prior to 1.13.9"
},
{
"status": "affected",
"version": "prior to 1.14.5"
},
{
"status": "affected",
"version": "prior to 1.15.2"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yang Yang, Amazon"
}
],
"datePublic": "2019-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user\u2019s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user\u2019s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T18:06:34",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"name": "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/80984"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"name": "RHBA-2019:2816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2816"
},
{
"name": "RHBA-2019:2794",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2794"
},
{
"name": "RHBA-2019:2824",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"name": "RHSA-2019:3239",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"name": "RHSA-2019:3811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/80984"
],
"discovery": "USER"
},
"title": "kubectl cp allows symlink directory traversal",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2019-08-05",
"ID": "CVE-2019-11249",
"STATE": "PUBLIC",
"TITLE": "kubectl cp allows symlink directory traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "prior to 1.13.9"
},
{
"version_value": "prior to 1.14.5"
},
{
"version_value": "prior to 1.15.2"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.4"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
},
{
"version_value": "1.9"
},
{
"version_value": "1.10"
},
{
"version_value": "1.11"
},
{
"version_value": "1.12"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Yang Yang, Amazon"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user\u2019s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user\u2019s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249",
"refsource": "MLIST",
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/80984",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/80984"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"name": "RHBA-2019:2816",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:2816"
},
{
"name": "RHBA-2019:2794",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:2794"
},
{
"name": "RHBA-2019:2824",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"name": "RHSA-2019:3239",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"name": "RHSA-2019:3811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://github.com/kubernetes/kubernetes/issues/80984"
],
"discovery": "USER"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11249",
"datePublished": "2019-08-29T00:26:18.429187Z",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-09-16T18:19:22.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8551
Vulnerability from cvelistv5
Published
2020-03-27 14:25
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/89377 | x_refsource_MISC | |
| https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200413-0003/ | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < v1.17.3 Version: unspecified < v1.16.7 Version: unspecified < v1.15.10 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.888Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89377"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
},
{
"name": "FEDORA-2020-aeea04cd13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "v1.17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.15.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Henrik Schmidt"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-24T02:06:18",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89377"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
},
{
"name": "FEDORA-2020-aeea04cd13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/89377"
],
"discovery": "EXTERNAL"
},
"title": "Kubernetes kubelet denial of service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"ID": "CVE-2020-8551",
"STATE": "PUBLIC",
"TITLE": "Kubernetes kubelet denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.17.3"
},
{
"version_affected": "\u003c",
"version_value": "v1.16.7"
},
{
"version_affected": "\u003c",
"version_value": "v1.15.10"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Henrik Schmidt"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-789 Uncontrolled Memory Allocation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/89377",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/89377"
},
{
"name": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200413-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
},
{
"name": "FEDORA-2020-aeea04cd13",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/89377"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8551",
"datePublished": "2020-03-27T14:25:14",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-08-04T10:03:45.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8552
Vulnerability from cvelistv5
Published
2020-03-27 14:25
Modified
2024-08-04 10:03
Severity ?
EPSS score ?
Summary
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s | x_refsource_MISC | |
| https://github.com/kubernetes/kubernetes/issues/89378 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20200413-0003/ | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < v1.17.3 Version: unspecified < v1.16.7 Version: unspecified < v1.15.10 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.260Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89378"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
},
{
"name": "FEDORA-2020-aeea04cd13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "v1.17.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.16.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.15.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Gus Lees (Amazon)"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789 Uncontrolled Memory Allocation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-24T02:06:19",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89378"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
},
{
"name": "FEDORA-2020-aeea04cd13",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/89378"
],
"discovery": "EXTERNAL"
},
"title": "Kubernetes API server denial of service",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"ID": "CVE-2020-8552",
"STATE": "PUBLIC",
"TITLE": "Kubernetes API server denial of service"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.17.3"
},
{
"version_affected": "\u003c",
"version_value": "v1.16.7"
},
{
"version_affected": "\u003c",
"version_value": "v1.15.10"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Gus Lees (Amazon)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-789 Uncontrolled Memory Allocation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s",
"refsource": "MISC",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/89378",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/89378"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200413-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
},
{
"name": "FEDORA-2020-aeea04cd13",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/89378"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8552",
"datePublished": "2020-03-27T14:25:15",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-08-04T10:03:46.260Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2728
Vulnerability from cvelistv5
Published
2023-07-03 20:06
Modified
2024-11-25 17:03
Severity ?
EPSS score ?
Summary
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.24.14 ≤ <= Version: v1.25.0 - v1.25.10 Version: v1.26.0 - v1.26.5 Version: v1.27.0 - v1.27.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118640"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/06/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230803-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2728",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:02:56.391082Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:03:07.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "\u003c=",
"status": "affected",
"version": "v1.24.14",
"versionType": "semver"
},
{
"status": "affected",
"version": "v1.25.0 - v1.25.10"
},
{
"status": "affected",
"version": "v1.26.0 - v1.26.5"
},
{
"status": "affected",
"version": "v1.27.0 - v1.27.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Rita Zhang"
}
],
"datePublic": "2023-06-15T04:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUsers may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account\u2019s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.\u003c/div\u003e"
}
],
"value": "Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account\u2019s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-03T20:06:11.796Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118640"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/06/3"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230803-0004/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eTo mitigate this vulnerability, upgrade Kubernetes: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster\"\u003ehttps://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster\u003c/a\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "To mitigate this vulnerability, upgrade Kubernetes: https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster \n\n\n\n"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-2728",
"datePublished": "2023-07-03T20:06:11.796Z",
"dateReserved": "2023-05-16T00:32:00.189Z",
"dateUpdated": "2024-11-25T17:03:07.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3294
Vulnerability from cvelistv5
Published
2023-03-01 00:00
Modified
2024-08-03 01:07
Severity ?
EPSS score ?
Summary
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:05.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/113757"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230505-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "v1.25.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.24.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.23.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.22.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Yuval Avrahami of Palo Alto Networks"
}
],
"datePublic": "2022-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server\u0027s private network."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-05T00:00:00",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA"
},
{
"url": "https://github.com/kubernetes/kubernetes/issues/113757"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230505-0007/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/113757"
],
"discovery": "EXTERNAL"
},
"title": "Node address isn\u0027t always verified when proxying",
"workarounds": [
{
"lang": "en",
"value": "Configuring an egress proxy for egress to the cluster network can mitigate this vulnerability"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2022-3294",
"datePublished": "2023-03-01T00:00:00",
"dateReserved": "2022-09-23T00:00:00",
"dateUpdated": "2024-08-03T01:07:05.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11251
Vulnerability from cvelistv5
Published
2020-02-03 15:35
Modified
2024-08-04 22:48
Severity ?
EPSS score ?
Summary
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/87773 | x_refsource_CONFIRM | |
| https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: prior to 1.13.11 Version: prior to 1.14.7 Version: prior to 1.15.4 Version: 1.1 Version: 1.2 Version: 1.3 Version: 1.4 Version: 1.5 Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 Version: 1.12 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.005Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/87773"
},
{
"name": "Security release of kubectl versions v1.16.0 / 1.15.4 / 1.14.7 and 1.13.11 - CVE-2019-11251",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "prior to 1.13.11"
},
{
"status": "affected",
"version": "prior to 1.14.7"
},
{
"status": "affected",
"version": "prior to 1.15.4"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Erik Sj\u00f6lund"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-03T15:35:13",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/87773"
},
{
"name": "Security release of kubectl versions v1.16.0 / 1.15.4 / 1.14.7 and 1.13.11 - CVE-2019-11251",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/87773"
],
"discovery": "USER"
},
"title": "kubectl cp allows symlink directory traversal",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"ID": "CVE-2019-11251",
"STATE": "PUBLIC",
"TITLE": "kubectl cp allows symlink directory traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "prior to 1.13.11"
},
{
"version_value": "prior to 1.14.7"
},
{
"version_value": "prior to 1.15.4"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.3"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
},
{
"version_value": "1.9"
},
{
"version_value": "1.10"
},
{
"version_value": "1.11"
},
{
"version_value": "1.12"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Erik Sj\u00f6lund"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/87773",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/87773"
},
{
"name": "Security release of kubectl versions v1.16.0 / 1.15.4 / 1.14.7 and 1.13.11 - CVE-2019-11251",
"refsource": "MLIST",
"url": "https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/87773"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11251",
"datePublished": "2020-02-03T15:35:13",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-08-04T22:48:09.005Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-9946
Vulnerability from cvelistv5
Published
2019-04-02 17:22
Modified
2024-08-04 22:10
Severity ?
EPSS score ?
Summary
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20190416-0002/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHBA-2019:0862 | vendor-advisory, x_refsource_REDHAT | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCN66VYB3XS76SYH567SO7N3I254JOCT/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGOOWAELGH3F7OXRBPH3HCNZELNLXYTW/ | vendor-advisory, x_refsource_FEDORA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:10:08.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0002/"
},
{
"name": "RHBA-2019:0862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0862"
},
{
"name": "FEDORA-2019-d2b57d3b19",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCN66VYB3XS76SYH567SO7N3I254JOCT/"
},
{
"name": "FEDORA-2019-24217abfdf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGOOWAELGH3F7OXRBPH3HCNZELNLXYTW/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI \u0027portmap\u0027 plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-15T02:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0002/"
},
{
"name": "RHBA-2019:0862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0862"
},
{
"name": "FEDORA-2019-d2b57d3b19",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCN66VYB3XS76SYH567SO7N3I254JOCT/"
},
{
"name": "FEDORA-2019-24217abfdf",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGOOWAELGH3F7OXRBPH3HCNZELNLXYTW/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI \u0027portmap\u0027 plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272",
"refsource": "CONFIRM",
"url": "https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190416-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190416-0002/"
},
{
"name": "RHBA-2019:0862",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0862"
},
{
"name": "FEDORA-2019-d2b57d3b19",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCN66VYB3XS76SYH567SO7N3I254JOCT/"
},
{
"name": "FEDORA-2019-24217abfdf",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGOOWAELGH3F7OXRBPH3HCNZELNLXYTW/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9946",
"datePublished": "2019-04-02T17:22:52",
"dateReserved": "2019-03-23T00:00:00",
"dateUpdated": "2024-08-04T22:10:08.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25740
Vulnerability from cvelistv5
Published
2021-09-20 17:05
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE | x_refsource_MISC | |
| https://github.com/kubernetes/kubernetes/issues/103675 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20211014-0001/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/103675"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.20.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.20.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.21.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.21.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.22.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.22.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Rob Scott"
}
],
"datePublic": "2021-07-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy or Intermediary",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-14T08:06:14",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/103675"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0001/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/103675"
],
"discovery": "EXTERNAL"
},
"title": "Holes in EndpointSlice Validation Enable Host Network Hijack",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-07-14T21:23:00.000Z",
"ID": "CVE-2021-25740",
"STATE": "PUBLIC",
"TITLE": "Holes in EndpointSlice Validation Enable Host Network Hijack"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.20.11"
},
{
"version_affected": "\u003e?",
"version_value": "1.20.11"
},
{
"version_affected": "\u003c=",
"version_value": "1.21.5"
},
{
"version_affected": "\u003e?",
"version_value": "1.21.5"
},
{
"version_affected": "\u003c=",
"version_value": "1.22.2"
},
{
"version_affected": "\u003e?",
"version_value": "1.22.2"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Rob Scott"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unintended Proxy or Intermediary"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/103675",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/103675"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211014-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211014-0001/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/103675"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25740",
"datePublished": "2021-09-20T17:05:18.065542Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-16T19:30:45.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-1906
Vulnerability from cvelistv5
Published
2016-02-03 15:00
Modified
2024-08-05 23:10
Severity ?
EPSS score ?
Summary
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openshift/origin/issues/6556 | x_refsource_CONFIRM | |
| https://github.com/openshift/origin/pull/6576 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2016:0070 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2016:0351 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:10:40.116Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin/issues/6556"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/6576"
},
{
"name": "RHSA-2016:0070",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name": "RHSA-2016:0351",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:0351"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-01-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-05-18T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin/issues/6556"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin/pull/6576"
},
{
"name": "RHSA-2016:0070",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name": "RHSA-2016:0351",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:0351"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-1906",
"datePublished": "2016-02-03T15:00:00",
"dateReserved": "2016-01-14T00:00:00",
"dateUpdated": "2024-08-05T23:10:40.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8554
Vulnerability from cvelistv5
Published
2021-01-21 17:09
Modified
2024-09-17 00:40
Severity ?
EPSS score ?
Summary
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: Kubernetes all versions |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/97076"
},
{
"name": "[druid-commits] 20210201 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210202 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942%40%3Ccommits.druid.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "Kubernetes all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Etienne Champetier (@champtar) of Anevia"
}
],
"datePublic": "2020-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-283",
"description": "CWE-283 Unverified Ownership",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:33",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/97076"
},
{
"name": "[druid-commits] 20210201 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210202 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942%40%3Ccommits.druid.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/97076"
],
"discovery": "EXTERNAL"
},
"title": "Kubernetes man in the middle using LoadBalancer or ExternalIPs",
"workarounds": [
{
"lang": "en",
"value": "To restrict the use of external IPs we are providing an admission webhook container: k8s.gcr.io/multitenancy/externalip-webhook:v1.0.0. The source code and deployment instructions are published at https://github.com/kubernetes-sigs/externalip-webhook.\n\nAlternatively, external IPs can be restricted using OPA Gatekeeper. A sample ConstraintTemplate and Constraint can be found here: https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general/externalip."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-12-07T17:00:00.000Z",
"ID": "CVE-2020-8554",
"STATE": "PUBLIC",
"TITLE": "Kubernetes man in the middle using LoadBalancer or ExternalIPs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Kubernetes",
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Etienne Champetier (@champtar) of Anevia"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-283 Unverified Ownership"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/97076",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/97076"
},
{
"name": "[druid-commits] 20210201 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210202 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942@%3Ccommits.druid.apache.org%3E"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/97076"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "To restrict the use of external IPs we are providing an admission webhook container: k8s.gcr.io/multitenancy/externalip-webhook:v1.0.0. The source code and deployment instructions are published at https://github.com/kubernetes-sigs/externalip-webhook.\n\nAlternatively, external IPs can be restricted using OPA Gatekeeper. A sample ConstraintTemplate and Constraint can be found here: https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general/externalip."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8554",
"datePublished": "2021-01-21T17:09:21.169393Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-17T00:40:57.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5321
Vulnerability from cvelistv5
Published
2024-07-18 18:15
Modified
2024-09-13 17:05
Severity ?
EPSS score ?
Summary
A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/126161 | issue-tracking | |
| https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0 | mailing-list |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: 1.27.0 ≤ 1.27.15 Version: 1.28.0 ≤ 1.28.11 Version: 1.29.0 ≤ 1.29.6 Version: 1.30.0 ≤ 1.30.2 |
|
|
|||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-18T19:30:40.540454Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-18T19:30:48.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-09-13T17:05:30.545Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/126161"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/17/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"modules": [
"kubelet"
],
"platforms": [
"Windows"
],
"product": "Kubernetes",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.27.15",
"status": "affected",
"version": "1.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.28.11",
"status": "affected",
"version": "1.28.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.29.6",
"status": "affected",
"version": "1.29.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "1.30.2",
"status": "affected",
"version": "1.30.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "1.27.16"
},
{
"status": "unaffected",
"version": "1.28.12"
},
{
"status": "unaffected",
"version": "1.29.7"
},
{
"status": "unaffected",
"version": "1.30.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Paulo Gomes @pjbgf, SUSE"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA security issue was discovered in Kubernetes clusters with Windows nodes where \u003ccode\u003eBUILTIN\\Users\u003c/code\u003e\u0026nbsp;may be able to read container logs and \u003ccode\u003eNT AUTHORITY\\Authenticated Users\u003c/code\u003e\u0026nbsp;may be able to modify container logs.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\\Users\u00a0may be able to read container logs and NT AUTHORITY\\Authenticated Users\u00a0may be able to modify container logs."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:15:20.038Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/126161"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect permissions on Windows containers logs",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2024-5321",
"datePublished": "2024-07-18T18:15:25.270Z",
"dateReserved": "2024-05-24T15:17:53.856Z",
"dateUpdated": "2024-09-13T17:05:30.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25741
Vulnerability from cvelistv5
Published
2021-09-20 17:05
Modified
2024-09-16 23:26
Severity ?
EPSS score ?
Summary
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s | x_refsource_MISC | |
| https://github.com/kubernetes/kubernetes/issues/104980 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20211008-0006/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/104980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211008-0006/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "kubernetes",
"vendor": "kubernetes",
"versions": [
{
"lessThanOrEqual": "1.19.14",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.10",
"status": "affected",
"version": "1.20.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.21.4",
"status": "affected",
"version": "1.21.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.22.1",
"status": "affected",
"version": "1.22.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-25741",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-20T13:25:58.469004Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-20T13:37:41.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.19.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.21.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.22.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Fabricio Voznika \u0026 Mark Wolters"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files \u0026 directories outside of the volume, including on the host filesystem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-08T14:06:36",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/104980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211008-0006/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/104980"
],
"discovery": "EXTERNAL"
},
"title": "Symlink Exchange Can Allow Host Filesystem Access",
"x_ConverterErrors": {
"DATE_PUBLIC": {
"error": "v4 DATE_PUBLIC is invalid",
"message": "hour must be in 0..23"
}
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-09-15T121:15:00.000Z",
"ID": "CVE-2021-25741",
"STATE": "PUBLIC",
"TITLE": "Symlink Exchange Can Allow Host Filesystem Access"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.19.14"
},
{
"version_affected": "\u003c=",
"version_value": "1.20.10"
},
{
"version_affected": "\u003c=",
"version_value": "1.21.4"
},
{
"version_affected": "\u003c=",
"version_value": "1.22.1"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Fabricio Voznika \u0026 Mark Wolters"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files \u0026 directories outside of the volume, including on the host filesystem."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/104980",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/104980"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211008-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211008-0006/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/104980"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25741",
"datePublished": "2021-09-20T17:05:21.097904Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-16T23:26:06.351Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11245
Vulnerability from cvelistv5
Published
2019-08-29 00:22
Modified
2024-09-16 22:09
Severity ?
EPSS score ?
Summary
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/78308 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20190919-0003/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.13.6 Version: v1.14.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.001Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/78308"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v1.13.6"
},
{
"status": "affected",
"version": "v1.14.2"
}
]
}
],
"datePublic": "2019-05-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-703",
"description": "CWE-703: Improper Check or Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-19T16:06:08",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/78308"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/78308"
],
"discovery": "USER"
},
"title": "kubelet-started container uid changes to root after first restart or if image is already pulled to the node",
"workarounds": [
{
"lang": "en",
"value": "Specify runAsUser directives in pods to control the uid a container runs as. Specify mustRunAsNonRoot:true directives in pods to prevent starting as root (note this means the attempt to start the container will fail on affected kubelet versions)."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2019-05-24",
"ID": "CVE-2019-11245",
"STATE": "PUBLIC",
"TITLE": "kubelet-started container uid changes to root after first restart or if image is already pulled to the node"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "=",
"version_name": "v1.13",
"version_value": "v1.13.6"
},
{
"platform": "",
"version_affected": "=",
"version_name": "v1.14",
"version_value": "v1.14.2"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-703: Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/78308",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/78308"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://github.com/kubernetes/kubernetes/issues/78308"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Specify runAsUser directives in pods to control the uid a container runs as. Specify mustRunAsNonRoot:true directives in pods to prevent starting as root (note this means the attempt to start the container will fail on affected kubelet versions)."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11245",
"datePublished": "2019-08-29T00:22:24.173224Z",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-09-16T22:09:44.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-3162
Vulnerability from cvelistv5
Published
2023-03-01 00:00
Modified
2024-08-03 01:00
Severity ?
EPSS score ?
Summary
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:00:10.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/113756"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230511-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "v1.25.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.24.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.23.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.22.15",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Richard Turnbull of NCC Group"
}
],
"datePublic": "2022-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-11T00:00:00",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA"
},
{
"url": "https://github.com/kubernetes/kubernetes/issues/113756"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230511-0004/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/113756"
],
"discovery": "EXTERNAL"
},
"title": "Unauthorized read of Custom Resources",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2022-3162",
"datePublished": "2023-03-01T00:00:00",
"dateReserved": "2022-09-08T00:00:00",
"dateUpdated": "2024-08-03T01:00:10.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2431
Vulnerability from cvelistv5
Published
2023-06-16 07:08
Modified
2024-12-12 15:56
Severity ?
EPSS score ?
Summary
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: 0 Version: v1.25.0 Version: v1.26.0 Version: v1.27.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:19:15.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118690"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2431",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-12T15:55:55.548179Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-12T15:56:02.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"issue-tracking",
"exploit"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118690"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kubernetes",
"repo": "https://github.com/kubernetes/kubernetes/",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "v1.24.14",
"status": "affected",
"version": "0",
"versionType": "kubelet v1.24"
},
{
"lessThan": "v1.25.9",
"status": "affected",
"version": "v1.25.0",
"versionType": "kubelet v1.25"
},
{
"lessThan": "v1.26.4",
"status": "affected",
"version": "v1.26.0",
"versionType": "kubelet v1.26"
},
{
"lessThan": "v1.27.1",
"status": "affected",
"version": "v1.27.0",
"versionType": "kubelet v1.27"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tim Allclair"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Craig Ingram"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-16T07:15:37.445Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10"
},
{
"url": "https://github.com/kubernetes/kubernetes/issues/118690"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/"
}
],
"solutions": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities, upgrade Kubelet: https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/ https://kubernetes.io/docs/tasks/administer-cluster/cluster-upgrade/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Bypass of seccomp profile enforcement",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-2431",
"datePublished": "2023-06-16T07:08:33.476Z",
"dateReserved": "2023-04-30T22:44:39.597Z",
"dateUpdated": "2024-12-12T15:56:02.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5528
Vulnerability from cvelistv5
Published
2023-11-14 20:32
Modified
2024-09-06 14:18
Severity ?
EPSS score ?
Summary
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/121879 | issue-tracking | |
| https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA | mailing-list |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | kubelet |
Version: v1.28.0 ≤ v1.28.3 Version: v1.27.0 ≤ v1.27.7 Version: v1.26.0 ≤ v1.26.10 Version: 0 ≤ v1.25.15 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/121879"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240119-0009/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "kubelet",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "v1.28.3",
"status": "affected",
"version": "v1.28.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.27.7",
"status": "affected",
"version": "v1.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.26.10",
"status": "affected",
"version": "v1.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.25.15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v1.28.4"
},
{
"status": "unaffected",
"version": "v1.27.8"
},
{
"status": "unaffected",
"version": "v1.26.11"
},
{
"status": "unaffected",
"version": "v1.25.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomer Peled"
}
],
"datePublic": "2023-11-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes."
}
],
"value": "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T14:18:44.918Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/121879"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kubernetes - Windows nodes - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-5528",
"datePublished": "2023-11-14T20:32:08.411Z",
"dateReserved": "2023-10-11T16:12:14.212Z",
"dateUpdated": "2024-09-06T14:18:44.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8561
Vulnerability from cvelistv5
Published
2021-09-20 17:05
Modified
2024-09-16 22:29
Severity ?
EPSS score ?
Summary
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY | x_refsource_MISC | |
| https://github.com/kubernetes/kubernetes/issues/104720 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20211014-0002/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/104720"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.20.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.20.11",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.21.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.21.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.22.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.22.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "QiQi Xu"
}
],
"datePublic": "2021-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-441",
"description": "CWE-441 Unintended Proxy or Intermediary",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-14T08:06:21",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/104720"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0002/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/104720"
],
"discovery": "EXTERNAL"
},
"title": "Webhook redirect in kube-apiserver",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-09-15T21:15:00.000Z",
"ID": "CVE-2020-8561",
"STATE": "PUBLIC",
"TITLE": "Webhook redirect in kube-apiserver"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.20.11"
},
{
"version_affected": "\u003e?",
"version_value": "1.20.11"
},
{
"version_affected": "\u003c=",
"version_value": "1.21.5"
},
{
"version_affected": "\u003e?",
"version_value": "1.21.5"
},
{
"version_affected": "\u003c=",
"version_value": "1.22.2"
},
{
"version_affected": "\u003e?",
"version_value": "1.22.2"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "QiQi Xu"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-441 Unintended Proxy or Intermediary"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/104720",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/104720"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211014-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211014-0002/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/104720"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8561",
"datePublished": "2021-09-20T17:05:16.328714Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-16T22:29:49.855Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8558
Vulnerability from cvelistv5
Published
2020-07-27 19:55
Modified
2024-09-16 22:40
Severity ?
EPSS score ?
Summary
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/92315 | x_refsource_CONFIRM | |
| https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20200821-0001/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: prior to 1.18.4 Version: prior to 1.17.7 Version: prior to 1.16.11 Version: 1.15 Version: 1.14 Version: 1.13 Version: 1.12 Version: 1.11 Version: 1.10 Version: 1.9 Version: 1.8 Version: 1.7 Version: 1.6 Version: 1.5 Version: 1.4 Version: 1.3 Version: 1.2 Version: 1.1 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.112Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/92315"
},
{
"name": "[Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "prior to 1.18.4"
},
{
"status": "affected",
"version": "prior to 1.17.7"
},
{
"status": "affected",
"version": "prior to 1.16.11"
},
{
"status": "affected",
"version": "1.15"
},
{
"status": "affected",
"version": "1.14"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.3"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.1"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "J\u00e1nos K\u00f6v\u00e9r, Ericsson"
},
{
"lang": "en",
"value": "Additional impacts reported by Rory McCune, NCC Group and Yuval Avrahami and Ariel Zelivansky, Palo Alto Networks"
}
],
"datePublic": "2020-04-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node\u0027s network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-420",
"description": "CWE-420 Unprotected Alternate Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-21T09:06:15",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/92315"
},
{
"name": "[Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0001/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/90259"
],
"discovery": "USER"
},
"title": "Kubernetes node setting allows for neighboring hosts to bypass localhost boundary",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-04-18T00:00:00.000Z",
"ID": "CVE-2020-8558",
"STATE": "PUBLIC",
"TITLE": "Kubernetes node setting allows for neighboring hosts to bypass localhost boundary"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "prior to 1.18.4"
},
{
"version_value": "prior to 1.17.7"
},
{
"version_value": "prior to 1.16.11"
},
{
"version_value": "1.15"
},
{
"version_value": "1.14"
},
{
"version_value": "1.13"
},
{
"version_value": "1.12"
},
{
"version_value": "1.11"
},
{
"version_value": "1.10"
},
{
"version_value": "1.9"
},
{
"version_value": "1.8"
},
{
"version_value": "1.7"
},
{
"version_value": "1.6"
},
{
"version_value": "1.5"
},
{
"version_value": "1.4"
},
{
"version_value": "1.3"
},
{
"version_value": "1.2"
},
{
"version_value": "1.1"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "J\u00e1nos K\u00f6v\u00e9r, Ericsson"
},
{
"lang": "eng",
"value": "Additional impacts reported by Rory McCune, NCC Group and Yuval Avrahami and Ariel Zelivansky, Palo Alto Networks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node\u0027s network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-420 Unprotected Alternate Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/92315",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/92315"
},
{
"name": "[Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary",
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200821-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200821-0001/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/90259"
],
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8558",
"datePublished": "2020-07-27T19:55:19.321721Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-16T22:40:40.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8565
Vulnerability from cvelistv5
Published
2020-12-07 22:00
Modified
2024-09-17 00:05
Severity ?
EPSS score ?
Summary
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | mailing-list, x_refsource_MLIST | |
| https://github.com/kubernetes/kubernetes/issues/95623 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: <= 1.19.3 Version: <= 1.18.10 Version: <= 1.17.13 Version: < 1.20.0-alpha2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.382Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Multiple secret leaks when verbose logging is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "\u003c= 1.19.3"
},
{
"status": "affected",
"version": "\u003c= 1.18.10"
},
{
"status": "affected",
"version": "\u003c= 1.17.13"
},
{
"status": "affected",
"version": "\u003c 1.20.0-alpha2"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Patrick Rhomberg (purelyapplied)"
}
],
"datePublic": "2020-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects \u003c= v1.19.3, \u003c= v1.18.10, \u003c= v1.17.13, \u003c v1.20.0-alpha2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-12-07T22:00:19",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"name": "Multiple secret leaks when verbose logging is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95623"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/95623"
],
"discovery": "EXTERNAL"
},
"title": "Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9",
"workarounds": [
{
"lang": "en",
"value": "Do not enable verbose logging in production (log level \u003e= 9), limit access to logs."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-10-15T04:00:00.000Z",
"ID": "CVE-2020-8565",
"STATE": "PUBLIC",
"TITLE": "Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel \u003e= 9"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "\u003c= 1.19.3"
},
{
"version_value": "\u003c= 1.18.10"
},
{
"version_value": "\u003c= 1.17.13"
},
{
"version_value": "\u003c 1.20.0-alpha2"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Patrick Rhomberg (purelyapplied)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects \u003c= v1.19.3, \u003c= v1.18.10, \u003c= v1.17.13, \u003c v1.20.0-alpha2."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Multiple secret leaks when verbose logging is enabled",
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/95623",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/95623"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/95623"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Do not enable verbose logging in production (log level \u003e= 9), limit access to logs."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8565",
"datePublished": "2020-12-07T22:00:19.374983Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-17T00:05:58.669Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11243
Vulnerability from cvelistv5
Published
2019-04-22 14:54
Modified
2024-08-04 22:48
Severity ?
EPSS score ?
Summary
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/76797 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108053 | vdb-entry, x_refsource_BID | |
| https://security.netapp.com/advisory/ntap-20190509-0002/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.12 < Version: v1.13 < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.023Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/76797"
},
{
"name": "108053",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108053"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "v1.12.4",
"status": "affected",
"version": "v1.12",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.13.0",
"status": "affected",
"version": "v1.13",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Oleg Bulatov of Red Hat"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()"
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271 Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-09T10:06:03",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/76797"
},
{
"name": "108053",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108053"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
}
],
"source": {
"discovery": "USER"
},
"workarounds": [
{
"lang": "en",
"value": "Clear the config.WrapTransport and config.Transport fields in addition to calling rest.AnonymousClientConfig()"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jordan@liggitt.net",
"ID": "CVE-2019-11243",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "v1.12",
"version_value": "v1.12.4"
},
{
"version_affected": "\u003c=",
"version_name": "v1.13",
"version_value": "v1.13.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Oleg Bulatov of Red Hat"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()"
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-271 Privilege Dropping / Lowering Errors"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/76797",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/76797"
},
{
"name": "108053",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108053"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190509-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
}
]
},
"source": {
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "Clear the config.WrapTransport and config.Transport fields in addition to calling rest.AnonymousClientConfig()"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11243",
"datePublished": "2019-04-22T14:54:15",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-08-04T22:48:09.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11247
Vulnerability from cvelistv5
Published
2019-08-29 00:25
Modified
2024-09-16 18:04
Severity ?
EPSS score ?
Summary
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/80983 | x_refsource_CONFIRM | |
| https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ | mailing-list, x_refsource_MLIST | |
| https://access.redhat.com/errata/RHSA-2019:2690 | vendor-advisory, x_refsource_REDHAT | |
| https://security.netapp.com/advisory/ntap-20190919-0003/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHBA-2019:2816 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHBA-2019:2824 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:2769 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: prior to 1.13.9 Version: prior to 1.14.5 Version: prior to 1.15.2 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 Version: 1.12 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/80983"
},
{
"name": "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ"
},
{
"name": "RHSA-2019:2690",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"name": "RHBA-2019:2816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2816"
},
{
"name": "RHBA-2019:2824",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"name": "RHSA-2019:2769",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "prior to 1.13.9"
},
{
"status": "affected",
"version": "prior to 1.14.5"
},
{
"status": "affected",
"version": "prior to 1.15.2"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Prabu Shyam, Verizon Media"
}
],
"datePublic": "2019-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-24T22:06:25",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/80983"
},
{
"name": "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ"
},
{
"name": "RHSA-2019:2690",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"name": "RHBA-2019:2816",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2816"
},
{
"name": "RHBA-2019:2824",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"name": "RHSA-2019:2769",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/80983"
],
"discovery": "USER"
},
"title": "Kubernetes kube-apiserver allows access to custom resources via wrong scope",
"workarounds": [
{
"lang": "en",
"value": "To mitigate, remove authorization rules that grant access to cluster-scoped resources within namespaces. For example, RBAC roles and clusterroles intended to be referenced by namespaced rolebindings should not grant access to resources:[*], apiGroups:[*], or grant access to cluster-scoped custom resources."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2019-08-05",
"ID": "CVE-2019-11247",
"STATE": "PUBLIC",
"TITLE": "Kubernetes kube-apiserver allows access to custom resources via wrong scope"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "prior to 1.13.9"
},
{
"version_value": "prior to 1.14.5"
},
{
"version_value": "prior to 1.15.2"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
},
{
"version_value": "1.9"
},
{
"version_value": "1.10"
},
{
"version_value": "1.11"
},
{
"version_value": "1.12"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Prabu Shyam, Verizon Media"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/80983",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/80983"
},
{
"name": "v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249",
"refsource": "MLIST",
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ"
},
{
"name": "RHSA-2019:2690",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"name": "RHBA-2019:2816",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:2816"
},
{
"name": "RHBA-2019:2824",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"name": "RHSA-2019:2769",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://github.com/kubernetes/kubernetes/issues/80983"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "To mitigate, remove authorization rules that grant access to cluster-scoped resources within namespaces. For example, RBAC roles and clusterroles intended to be referenced by namespaced rolebindings should not grant access to resources:[*], apiGroups:[*], or grant access to cluster-scoped custom resources."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11247",
"datePublished": "2019-08-29T00:25:27.667656Z",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-09-16T18:04:25.053Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1002101
Vulnerability from cvelistv5
Published
2019-04-01 14:14
Modified
2024-09-16 20:46
Severity ?
EPSS score ?
Summary
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: 1.1-1.10 Version: 1.11 < 1.11.9 Version: 1.12 < 1.12.7 Version: 1.13 < 1.13.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.424Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/75037"
},
{
"name": "107652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107652"
},
{
"name": "RHBA-2019:0620",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0620"
},
{
"name": "RHBA-2019:0619",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0619"
},
{
"name": "RHBA-2019:0636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0636"
},
{
"name": "FEDORA-2019-bf800b1c04",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ/"
},
{
"name": "[oss-security] 20190620 [ANNOUNCE] Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal - CVE-2019-11246",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/21/1"
},
{
"name": "[oss-security] 20190805 Kubernetes v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/05/5"
},
{
"name": "FEDORA-2019-2b8ef08c95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "1.1-1.10"
},
{
"lessThan": "1.11.9",
"status": "affected",
"version": "1.11",
"versionType": "custom"
},
{
"lessThan": "1.12.7",
"status": "affected",
"version": "1.12",
"versionType": "custom"
},
{
"lessThan": "1.13.5",
"status": "affected",
"version": "1.13",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Ariel Zelivansky of Twistlock"
}
],
"dateAssigned": "2019-03-05T00:00:00",
"datePublic": "2019-03-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user\u2019s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user\u2019s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Data Handling",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-22T15:51:27",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/pull/75037"
},
{
"name": "107652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107652"
},
{
"name": "RHBA-2019:0620",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0620"
},
{
"name": "RHBA-2019:0619",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0619"
},
{
"name": "RHBA-2019:0636",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2019:0636"
},
{
"name": "FEDORA-2019-bf800b1c04",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ/"
},
{
"name": "[oss-security] 20190620 [ANNOUNCE] Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal - CVE-2019-11246",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/06/21/1"
},
{
"name": "[oss-security] 20190805 Kubernetes v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2019/08/05/5"
},
{
"name": "FEDORA-2019-2b8ef08c95",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/"
}
],
"source": {
"advisory": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/OYFV1hiDE2w",
"defect": [
"75037"
],
"discovery": "EXTERNAL"
},
"title": "kubectl cp path traversal",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2019-03-05",
"DATE_PUBLIC": "2019-03-28",
"ID": "CVE-2019-1002101",
"STATE": "PUBLIC",
"TITLE": "kubectl cp path traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "1.11",
"version_value": "1.11.9"
},
{
"version_affected": "\u003c",
"version_name": "1.12",
"version_value": "1.12.7"
},
{
"version_affected": "\u003c",
"version_name": "1.13",
"version_value": "1.13.5"
},
{
"version_affected": "=",
"version_name": "1.1-1.10",
"version_value": "1.1-1.10"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Ariel Zelivansky of Twistlock"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user\u2019s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user\u2019s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Data Handling"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/pull/75037",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/pull/75037"
},
{
"name": "107652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107652"
},
{
"name": "RHBA-2019:0620",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0620"
},
{
"name": "RHBA-2019:0619",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0619"
},
{
"name": "RHBA-2019:0636",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2019:0636"
},
{
"name": "FEDORA-2019-bf800b1c04",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ/"
},
{
"name": "[oss-security] 20190620 [ANNOUNCE] Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal - CVE-2019-11246",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/06/21/1"
},
{
"name": "[oss-security] 20190805 Kubernetes v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2019/08/05/5"
},
{
"name": "FEDORA-2019-2b8ef08c95",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/"
},
{
"name": "https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/",
"refsource": "MISC",
"url": "https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/"
}
]
},
"source": {
"advisory": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/OYFV1hiDE2w",
"defect": [
"75037"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1002101",
"datePublished": "2019-04-01T14:14:27.768040Z",
"dateReserved": "2019-04-01T00:00:00",
"dateUpdated": "2024-09-16T20:46:49.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1002101
Vulnerability from cvelistv5
Published
2018-12-05 21:00
Modified
2024-08-05 12:47
Severity ?
EPSS score ?
Summary
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/65750 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/106238 | vdb-entry, x_refsource_BID | |
| https://security.netapp.com/advisory/ntap-20190416-0008/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < v1.9.10 Version: unspecified < v1.10.6 Version: unspecified < v1.11.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/65750"
},
{
"name": "106238",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106238"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "v1.9.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.10.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.11.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Tim Allclair"
}
],
"dateAssigned": "2018-05-31T00:00:00",
"datePublic": "2018-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "argument injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-16T05:06:00",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/65750"
},
{
"name": "106238",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106238"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0008/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jordan@liggitt.net",
"DATE_ASSIGNED": "2018-05-31",
"ID": "CVE-2018-1002101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "v1.9.10"
},
{
"version_affected": "\u003c",
"version_value": "v1.10.6"
},
{
"version_affected": "\u003c",
"version_value": "v1.11.2"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
"Reported by Tim Allclair"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "argument injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/65750",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/65750"
},
{
"name": "106238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106238"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190416-0008/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190416-0008/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2018-1002101",
"datePublished": "2018-12-05T21:00:00",
"dateReserved": "2018-06-04T00:00:00",
"dateUpdated": "2024-08-05T12:47:57.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-1002100
Vulnerability from cvelistv5
Published
2019-04-01 14:14
Modified
2024-08-05 03:00
Severity ?
EPSS score ?
Summary
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/107290 | vdb-entry, x_refsource_BID | |
| https://groups.google.com/forum/#%21topic/kubernetes-announce/vmUUNkYfG9g | x_refsource_CONFIRM | |
| https://github.com/kubernetes/kubernetes/issues/74534 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20190416-0002/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2019:1851 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:3239 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.0.x Version: v1.1.x Version: v1.2.x Version: v1.3.x Version: v1.4.x Version: v1.5.x Version: v1.6.x Version: v1.7.x Version: v1.8.x Version: v1.9.x Version: v1.10.x Version: unspecified < v1.11.8 Version: unspecified < v1.12.6 Version: unspecified < v1.13.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "107290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/107290"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/vmUUNkYfG9g"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/74534"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0002/"
},
{
"name": "RHSA-2019:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1851"
},
{
"name": "RHSA-2019:3239",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v1.0.x"
},
{
"status": "affected",
"version": "v1.1.x"
},
{
"status": "affected",
"version": "v1.2.x"
},
{
"status": "affected",
"version": "v1.3.x"
},
{
"status": "affected",
"version": "v1.4.x"
},
{
"status": "affected",
"version": "v1.5.x"
},
{
"status": "affected",
"version": "v1.6.x"
},
{
"status": "affected",
"version": "v1.7.x"
},
{
"status": "affected",
"version": "v1.8.x"
},
{
"status": "affected",
"version": "v1.9.x"
},
{
"status": "affected",
"version": "v1.10.x"
},
{
"lessThan": "v1.11.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.13.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Carl Henrik Lunde"
}
],
"dateAssigned": "2019-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type \"json-patch\" (e.g. `kubectl patch --type json` or `\"Content-Type: application/json-patch+json\"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled Resource Consumption",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T20:06:17",
"orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"shortName": "dwf"
},
"references": [
{
"name": "107290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/107290"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/vmUUNkYfG9g"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/74534"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0002/"
},
{
"name": "RHSA-2019:1851",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1851"
},
{
"name": "RHSA-2019:3239",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve-assign@distributedweaknessfiling.org",
"DATE_ASSIGNED": "2019-01-15",
"ID": "CVE-2019-1002100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.0.x"
},
{
"version_affected": "=",
"version_value": "v1.1.x"
},
{
"version_affected": "=",
"version_value": "v1.2.x"
},
{
"version_affected": "=",
"version_value": "v1.3.x"
},
{
"version_affected": "=",
"version_value": "v1.4.x"
},
{
"version_affected": "=",
"version_value": "v1.5.x"
},
{
"version_affected": "=",
"version_value": "v1.6.x"
},
{
"version_affected": "=",
"version_value": "v1.7.x"
},
{
"version_affected": "=",
"version_value": "v1.8.x"
},
{
"version_affected": "=",
"version_value": "v1.9.x"
},
{
"version_affected": "=",
"version_value": "v1.10.x"
},
{
"version_affected": "\u003c",
"version_value": "v1.11.8"
},
{
"version_affected": "\u003c",
"version_value": "v1.12.6"
},
{
"version_affected": "\u003c",
"version_value": "v1.13.4"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
"Reported by Carl Henrik Lunde"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type \"json-patch\" (e.g. `kubectl patch --type json` or `\"Content-Type: application/json-patch+json\"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled Resource Consumption"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107290"
},
{
"name": "https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g",
"refsource": "CONFIRM",
"url": "https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/74534",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/74534"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190416-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190416-0002/"
},
{
"name": "RHSA-2019:1851",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1851"
},
{
"name": "RHSA-2019:3239",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8",
"assignerShortName": "dwf",
"cveId": "CVE-2019-1002100",
"datePublished": "2019-04-01T14:14:27",
"dateReserved": "2019-04-01T00:00:00",
"dateUpdated": "2024-08-05T03:00:19.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25749
Vulnerability from cvelistv5
Published
2023-05-24 00:00
Modified
2024-08-03 20:11
Severity ?
EPSS score ?
Summary
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: kubelet v1.22.0 - v1.22.13 < v1.22.14 Version: kubelet v1.23.0 - v1.23.10 < v1.23.11 Version: kubelet v1.24.0 - v1.24.4 < v1.24.5 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "v1.22.14",
"status": "affected",
"version": "kubelet v1.22.0 - v1.22.13",
"versionType": "custom"
},
{
"lessThan": "v1.23.11",
"status": "affected",
"version": "kubelet v1.23.0 - v1.23.10",
"versionType": "custom"
},
{
"lessThan": "v1.24.5",
"status": "affected",
"version": "kubelet v1.24.0 - v1.24.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Mark Rosetti (@marosset) of Microsoft"
}
],
"datePublic": "2022-09-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA"
}
],
"solutions": [
{
"lang": "en",
"value": "To mitigate these vulnerabilities, upgrade Kubernetes: https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/112192"
],
"discovery": "EXTERNAL"
},
"title": "runAsNonRoot logic bypass for Windows containers",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25749",
"datePublished": "2023-05-24T00:00:00",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-08-03T20:11:27.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-25743
Vulnerability from cvelistv5
Published
2022-01-07 00:00
Modified
2024-09-16 23:51
Severity ?
EPSS score ?
Summary
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/101695 | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220217-0003/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:11:27.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/101695"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220217-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "1.23.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.23.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.22.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.22.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.21.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.21.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.20.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of 1.20.14",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Eviatar Gerzi"
}
],
"datePublic": "2021-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-150",
"description": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-17T17:06:37",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/101695"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220217-0003/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/101695"
],
"discovery": "EXTERNAL"
},
"title": "ANSI escape characters in kubectl output are not being filtered",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-05-02T12:06:00.000Z",
"ID": "CVE-2021-25743",
"STATE": "PUBLIC",
"TITLE": "ANSI escape characters in kubectl output are not being filtered"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.23.1"
},
{
"version_affected": "?\u003e",
"version_value": "1.23.1"
},
{
"version_affected": "\u003c=",
"version_value": "1.22.5"
},
{
"version_affected": "?\u003e",
"version_value": "1.22.5"
},
{
"version_affected": "\u003c=",
"version_value": "1.21.8"
},
{
"version_affected": "?\u003e",
"version_value": "1.21.8"
},
{
"version_affected": "\u003c=",
"version_value": "1.20.14"
},
{
"version_affected": "?\u003e",
"version_value": "1.20.14"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Eviatar Gerzi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/101695",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/101695"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220217-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220217-0003/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/101695"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2021-25743",
"datePublished": "2022-01-07T00:00:12.399751Z",
"dateReserved": "2021-01-21T00:00:00",
"dateUpdated": "2024-09-16T23:51:24.348Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11246
Vulnerability from cvelistv5
Published
2019-08-29 00:23
Modified
2024-09-16 23:01
Severity ?
EPSS score ?
Summary
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/pull/76788 | x_refsource_CONFIRM | |
| https://groups.google.com/forum/#%21topic/kubernetes-security-announce/NLs2TGbfPdo | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20190919-0003/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: prior to 1.12.9 Version: prior to 1.13.6 Version: prior to 1.14.2 Version: 1.1 Version: 1.2 Version: 1.4 Version: 1.5 Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/76788"
},
{
"name": "[ANNOUNCE] Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal - CVE-2019-11246",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/NLs2TGbfPdo"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "prior to 1.12.9"
},
{
"status": "affected",
"version": "prior to 1.13.6"
},
{
"status": "affected",
"version": "prior to 1.14.2"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Charles Holmes, Atredis Partners"
}
],
"datePublic": "2019-06-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user\u2019s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user\u2019s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-19T16:06:08",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/pull/76788"
},
{
"name": "[ANNOUNCE] Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal - CVE-2019-11246",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/NLs2TGbfPdo"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/pull/76788"
],
"discovery": "USER"
},
"title": "kubectl cp allows symlink directory traversal",
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2019-06-21",
"ID": "CVE-2019-11246",
"STATE": "PUBLIC",
"TITLE": "kubectl cp allows symlink directory traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "prior to 1.12.9"
},
{
"version_value": "prior to 1.13.6"
},
{
"version_value": "prior to 1.14.2"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.4"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
},
{
"version_value": "1.9"
},
{
"version_value": "1.10"
},
{
"version_value": "1.11"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Charles Holmes, Atredis Partners"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user\u2019s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user\u2019s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/pull/76788",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/pull/76788"
},
{
"name": "[ANNOUNCE] Incomplete fixes for CVE-2019-1002101, kubectl cp potential directory traversal - CVE-2019-11246",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/#!topic/kubernetes-security-announce/NLs2TGbfPdo"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://github.com/kubernetes/kubernetes/pull/76788"
],
"discovery": "USER"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11246",
"datePublished": "2019-08-29T00:23:54.992356Z",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-09-16T23:01:11.541Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-3676
Vulnerability from cvelistv5
Published
2023-10-31 20:22
Modified
2024-08-02 07:01
Severity ?
EPSS score ?
Summary
A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | kubelet |
Version: v1.28.0 Version: v1.27.0 ≤ v1.27.4 Version: v1.26.0 ≤ v1.26.7 Version: v1.25.0 ≤ v1.25.12 Version: 0 ≤ v1.24.16 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119339"
},
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20231130-0007/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "kubelet",
"repo": "https://github.com/kubernetes/kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v1.28.0"
},
{
"lessThanOrEqual": "v1.27.4",
"status": "affected",
"version": "v1.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.26.7",
"status": "affected",
"version": "v1.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "v1.25.12",
"status": "affected",
"version": "v1.25.0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "v1.28.1"
},
{
"status": "unaffected",
"version": "v1.27.5"
},
{
"status": "unaffected",
"version": "v1.26.8"
},
{
"status": "unaffected",
"version": "v1.25.13"
},
{
"status": "unaffected",
"version": "v1.24.17"
},
{
"lessThanOrEqual": "v1.24.16",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tomer Peled"
}
],
"datePublic": "2023-08-23T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\u003cbr\u003e"
}
],
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-31T20:22:53.620Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119339"
},
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231130-0007/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-3676",
"datePublished": "2023-10-31T20:22:53.620Z",
"dateReserved": "2023-07-14T16:06:03.399Z",
"dateUpdated": "2024-08-02T07:01:57.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1002100
Vulnerability from cvelistv5
Published
2017-09-14 13:00
Modified
2024-09-16 16:53
Severity ?
EPSS score ?
Summary
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ | x_refsource_MISC | |
| https://github.com/kubernetes/kubernetes/issues/47611 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.6.0 < unspecified Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/47611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "v1.6.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.6.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to \"container\" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Permissions",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-14T13:00:00Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/47611"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jordan@liggitt.net",
"ID": "CVE-2017-1002100",
"REQUESTER": "kubernetes-security@googlegroups.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_value": "v1.6.0"
},
{
"version_affected": "\u003c=",
"version_value": "v1.6.5"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to \"container\" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Permissions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ",
"refsource": "MISC",
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/47611",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/47611"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2017-1002100",
"datePublished": "2017-09-14T13:00:00Z",
"dateReserved": "2017-09-14T00:00:00Z",
"dateUpdated": "2024-09-16T16:53:57.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11248
Vulnerability from cvelistv5
Published
2019-08-29 00:26
Modified
2024-09-17 03:28
Severity ?
EPSS score ?
Summary
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/81023 | x_refsource_CONFIRM | |
| https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20190919-0003/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: prior to 1.12.10 Version: prior to 1.13.8 Version: prior to 1.14.4 Version: 1.1 Version: 1.2 Version: 1.4 Version: 1.5 Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/81023"
},
{
"name": "CVE-2019-11248: /debug/pprof exposed on kubelet\u0027s healthz port",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "prior to 1.12.10"
},
{
"status": "affected",
"version": "prior to 1.13.8"
},
{
"status": "affected",
"version": "prior to 1.14.4"
},
{
"status": "affected",
"version": "1.1"
},
{
"status": "affected",
"version": "1.2"
},
{
"status": "affected",
"version": "1.4"
},
{
"status": "affected",
"version": "1.5"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jordan Zebor, F5 Networks"
}
],
"datePublic": "2019-08-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet\u0027s healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-419",
"description": "CWE-419: Unprotected Primary Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-19T16:06:08",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/81023"
},
{
"name": "CVE-2019-11248: /debug/pprof exposed on kubelet\u0027s healthz port",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/81023"
],
"discovery": "USER"
},
"title": "Kubernetes kubelet exposes /debug/pprof info on healthz port",
"workarounds": [
{
"lang": "en",
"value": "update node configurations to set the \"healthzBindAddress\" to \"127.0.0.1\" to prevent access by remote callers."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2019-08-06",
"ID": "CVE-2019-11248",
"STATE": "PUBLIC",
"TITLE": "Kubernetes kubelet exposes /debug/pprof info on healthz port"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "prior to 1.12.10"
},
{
"version_value": "prior to 1.13.8"
},
{
"version_value": "prior to 1.14.4"
},
{
"version_value": "1.1"
},
{
"version_value": "1.2"
},
{
"version_value": "1.4"
},
{
"version_value": "1.4"
},
{
"version_value": "1.5"
},
{
"version_value": "1.6"
},
{
"version_value": "1.7"
},
{
"version_value": "1.8"
},
{
"version_value": "1.9"
},
{
"version_value": "1.10"
},
{
"version_value": "1.11"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "Jordan Zebor, F5 Networks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet\u0027s healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-419: Unprotected Primary Channel"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/81023",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/81023"
},
{
"name": "CVE-2019-11248: /debug/pprof exposed on kubelet\u0027s healthz port",
"refsource": "MLIST",
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://github.com/kubernetes/kubernetes/issues/81023"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "update node configurations to set the \"healthzBindAddress\" to \"127.0.0.1\" to prevent access by remote callers."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11248",
"datePublished": "2019-08-29T00:26:08.867578Z",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-09-17T03:28:37.165Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8562
Vulnerability from cvelistv5
Published
2022-02-01 10:33
Modified
2024-09-16 17:08
Severity ?
EPSS score ?
Summary
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/101493 | x_refsource_MISC | |
| https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20220225-0002/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: unspecified < Version: unspecified < Version: unspecified < Version: unspecified < |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/101493"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "v1.18.18",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of v1.18.18",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.19.10",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of v1.19.10",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.20.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of v1.20.6",
"versionType": "custom"
},
{
"lessThanOrEqual": "v1.21.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "unknown",
"version": "next of v1.21.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Javier Provecho"
}
],
"datePublic": "2021-05-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-25T09:06:13",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/101493"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0002/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/101493"
],
"discovery": "EXTERNAL"
},
"title": "Bypass of Kubernetes API Server proxy TOCTOU",
"workarounds": [
{
"lang": "en",
"value": "If this issue affects your clusters\u2019 control planes, you can use dnsmasq for name resolution and configure the min-cache-ttl and neg-ttl parameters to a low non-zero value to enforce cached replies for proxied connections"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-05-04T16:51:00.000Z",
"ID": "CVE-2020-8562",
"STATE": "PUBLIC",
"TITLE": "Bypass of Kubernetes API Server proxy TOCTOU"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "v1.18.18"
},
{
"version_affected": "?\u003e",
"version_value": "v1.18.18"
},
{
"version_affected": "\u003c=",
"version_value": "v1.19.10"
},
{
"version_affected": "?\u003e",
"version_value": "v1.19.10"
},
{
"version_affected": "\u003c=",
"version_value": "v1.20.6"
},
{
"version_affected": "?\u003e",
"version_value": "v1.20.6"
},
{
"version_affected": "\u003c=",
"version_value": "v1.21.0"
},
{
"version_affected": "?\u003e",
"version_value": "v1.21.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Javier Provecho"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/101493",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/101493"
},
{
"name": "https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY",
"refsource": "MISC",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY"
},
{
"name": "https://security.netapp.com/advisory/ntap-20220225-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20220225-0002/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/101493"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "If this issue affects your clusters\u2019 control planes, you can use dnsmasq for name resolution and configure the min-cache-ttl and neg-ttl parameters to a low non-zero value to enforce cached replies for proxied connections"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8562",
"datePublished": "2022-02-01T10:33:00.317144Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-16T17:08:37.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7561
Vulnerability from cvelistv5
Published
2017-08-07 17:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/pull/18909 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1291963 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.614Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/18909"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291963"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T16:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/pull/18909"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291963"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7561",
"datePublished": "2017-08-07T17:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.614Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8566
Vulnerability from cvelistv5
Published
2020-12-07 22:00
Modified
2024-09-16 20:17
Severity ?
EPSS score ?
Summary
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.
References
| ▼ | URL | Tags |
|---|---|---|
| https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | mailing-list, x_refsource_MLIST | |
| https://github.com/kubernetes/kubernetes/issues/95624 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20210122-0006/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: < 1.19.3 Version: < 1.18.10 Version: < 1.17.13 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Multiple secret leaks when verbose logging is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95624"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "\u003c 1.19.3"
},
{
"status": "affected",
"version": "\u003c 1.18.10"
},
{
"status": "affected",
"version": "\u003c 1.17.13"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kaizhe Huang (derek0405)"
}
],
"datePublic": "2020-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager\u0027s logs during provisioning of Ceph RBD persistent claims. This affects \u003c v1.19.3, \u003c v1.18.10, \u003c v1.17.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-22T12:06:20",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"name": "Multiple secret leaks when verbose logging is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95624"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/95624"
],
"discovery": "EXTERNAL"
},
"title": "Ceph RBD adminSecrets exposed in logs when loglevel \u003e= 4",
"workarounds": [
{
"lang": "en",
"value": "Do not enable verbose logging in production (log level \u003e= 4), limit access to logs."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-10-15T04:00:00.000Z",
"ID": "CVE-2020-8566",
"STATE": "PUBLIC",
"TITLE": "Ceph RBD adminSecrets exposed in logs when loglevel \u003e= 4"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "\u003c 1.19.3"
},
{
"version_value": "\u003c 1.18.10"
},
{
"version_value": "\u003c 1.17.13"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kaizhe Huang (derek0405)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager\u0027s logs during provisioning of Ceph RBD persistent claims. This affects \u003c v1.19.3, \u003c v1.18.10, \u003c v1.17.13."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Multiple secret leaks when verbose logging is enabled",
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/95624",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/95624"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210122-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/95624"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Do not enable verbose logging in production (log level \u003e= 4), limit access to logs."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8566",
"datePublished": "2020-12-07T22:00:16.139583Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-16T20:17:09.853Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-2727
Vulnerability from cvelistv5
Published
2023-07-03 20:05
Modified
2024-11-25 17:44
Severity ?
EPSS score ?
Summary
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.24.14 ≤ <= Version: v1.25.0 - v1.25.10 Version: v1.26.0 - v1.26.5 Version: v1.27.0 - v1.27.2 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T06:33:05.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8"
},
{
"tags": [
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118640"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/06/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230803-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-2727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:43:56.206309Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:44:04.977Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThanOrEqual": "\u003c=",
"status": "affected",
"version": "v1.24.14",
"versionType": "semver"
},
{
"status": "affected",
"version": "v1.25.0 - v1.25.10"
},
{
"status": "affected",
"version": "v1.26.0 - v1.26.5"
},
{
"status": "affected",
"version": "v1.27.0 - v1.27.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Stanislav L\u00e1zni\u010dka"
}
],
"datePublic": "2023-06-15T04:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eUsers may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.\u003c/div\u003e"
}
],
"value": "Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-03T20:05:04.329Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"mailing-list"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118640"
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/07/06/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230803-0004/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003eTo mitigate this vulnerability, upgrade Kubernetes: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster\"\u003ehttps://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster\u003c/a\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "To mitigate this vulnerability, upgrade Kubernetes: https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster https://kubernetes.io/docs/tasks/administer-cluster/cluster-management/#upgrading-a-cluster \n\n\n\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Bypassing policies imposed by the ImagePolicyWebhook admission plugin",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cdiv\u003ePrior to upgrading, this vulnerability can be mitigated by running v\u003cspan style=\"background-color: var(--wht);\"\u003ealidation webhooks (such as Gatekeeper and Kyverno) to enforce the same restrictions for ephemeral containers.\u003c/span\u003e\u003c/div\u003e\u003c/div\u003e"
}
],
"value": "Prior to upgrading, this vulnerability can be mitigated by running validation webhooks (such as Gatekeeper and Kyverno) to enforce the same restrictions for ephemeral containers.\n\n\n\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2023-2727",
"datePublished": "2023-07-03T20:05:04.329Z",
"dateReserved": "2023-05-16T00:31:53.873Z",
"dateUpdated": "2024-11-25T17:44:04.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1002102
Vulnerability from cvelistv5
Published
2018-03-13 17:00
Modified
2024-08-05 22:00
Severity ?
EPSS score ?
Summary
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0475 | vendor-advisory, x_refsource_REDHAT | |
| https://github.com/kubernetes/kubernetes/issues/60814 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.3.x Version: v1.4.x Version: v1.5.x Version: v1.6.x Version: unspecified < v1.7.14 Version: unspecified < v1.8.9 Version: unspecified < v1.9.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:0475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0475"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/60814"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v1.3.x"
},
{
"status": "affected",
"version": "v1.4.x"
},
{
"status": "affected",
"version": "v1.5.x"
},
{
"status": "affected",
"version": "v1.6.x"
},
{
"lessThan": "v1.7.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.8.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.9.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Joel Smith of Red Hat"
}
],
"dateAssigned": "2017-12-06T00:00:00",
"datePublic": "2018-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "handled symbolic links insecurely",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-14T09:57:01",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"name": "RHSA-2018:0475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0475"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/60814"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jordan@liggitt.net",
"DATE_ASSIGNED": "2017-12-06",
"ID": "CVE-2017-1002102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.3.x"
},
{
"version_affected": "=",
"version_value": "v1.4.x"
},
{
"version_affected": "=",
"version_value": "v1.5.x"
},
{
"version_affected": "=",
"version_value": "v1.6.x"
},
{
"version_affected": "\u003c",
"version_value": "v1.7.14"
},
{
"version_affected": "\u003c",
"version_value": "v1.8.9"
},
{
"version_affected": "\u003c",
"version_value": "v1.9.4"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
"Reported by Joel Smith of Red Hat"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "handled symbolic links insecurely"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0475"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/60814",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/60814"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2017-1002102",
"datePublished": "2018-03-13T17:00:00",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-08-05T22:00:41.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2017-1002101
Vulnerability from cvelistv5
Published
2018-03-13 17:00
Modified
2024-08-05 22:00
Severity ?
EPSS score ?
Summary
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:0475 | vendor-advisory, x_refsource_REDHAT | |
| https://github.com/kubernetes/kubernetes/issues/60813 | x_refsource_CONFIRM | |
| https://github.com/bgeesaman/subpath-exploit/ | x_refsource_MISC | |
| http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html | vendor-advisory, x_refsource_SUSE |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.3.x Version: v1.4.x Version: v1.5.x Version: v1.6.x Version: unspecified < v1.7.14 Version: unspecified < v1.8.9 Version: unspecified < v1.9.4 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:41.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:0475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0475"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/60813"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/bgeesaman/subpath-exploit/"
},
{
"name": "openSUSE-SU-2020:0554",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v1.3.x"
},
{
"status": "affected",
"version": "v1.4.x"
},
{
"status": "affected",
"version": "v1.5.x"
},
{
"status": "affected",
"version": "v1.6.x"
},
{
"lessThan": "v1.7.14",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.8.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "v1.9.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Maxim Ivanov"
}
],
"dateAssigned": "2017-12-06T00:00:00",
"datePublic": "2018-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host\u0027s filesystem."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "handled symbolic links insecurely",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-26T20:06:14",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"name": "RHSA-2018:0475",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0475"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/60813"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/bgeesaman/subpath-exploit/"
},
{
"name": "openSUSE-SU-2020:0554",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_ASSIGNED": "2017-12-06",
"ID": "CVE-2017-1002101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.3.x"
},
{
"version_affected": "=",
"version_value": "v1.4.x"
},
{
"version_affected": "=",
"version_value": "v1.5.x"
},
{
"version_affected": "=",
"version_value": "v1.6.x"
},
{
"version_affected": "\u003c",
"version_value": "v1.7.14"
},
{
"version_affected": "\u003c",
"version_value": "v1.8.9"
},
{
"version_affected": "\u003c",
"version_value": "v1.9.4"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
"Reported by Maxim Ivanov"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host\u0027s filesystem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "handled symbolic links insecurely"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0475",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0475"
},
{
"name": "https://github.com/kubernetes/kubernetes/issues/60813",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/60813"
},
{
"name": "https://github.com/bgeesaman/subpath-exploit/",
"refsource": "MISC",
"url": "https://github.com/bgeesaman/subpath-exploit/"
},
{
"name": "openSUSE-SU-2020:0554",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2017-1002101",
"datePublished": "2018-03-13T17:00:00",
"dateReserved": "2017-12-07T00:00:00",
"dateUpdated": "2024-08-05T22:00:41.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1002102
Vulnerability from cvelistv5
Published
2019-12-05 16:05
Modified
2024-09-17 00:56
Severity ?
EPSS score ?
Summary
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/85867 | x_refsource_CONFIRM | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q56CULSH7F7BC4NPS67ZS23ZCLL5TIVK/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.14 < v1.14.0 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/85867"
},
{
"name": "FEDORA-2020-943f4b03d2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q56CULSH7F7BC4NPS67ZS23ZCLL5TIVK/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "v1.14.0",
"status": "affected",
"version": "v1.14",
"versionType": "custom"
}
]
}
],
"datePublic": "2018-09-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-12T03:06:08",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/85867"
},
{
"name": "FEDORA-2020-943f4b03d2",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q56CULSH7F7BC4NPS67ZS23ZCLL5TIVK/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/85867"
],
"discovery": "USER"
},
"title": "Kubernetes API server follows unvalidated redirects from streaming Kubelet endpoints",
"workarounds": [
{
"lang": "en",
"value": "For Kubernetes versions \u003e= v1.10.0, the ValidateProxyRedirects feature can be manually enabled with the kube-apiserver flag --feature-gates=ValidateProxyRedirects=true"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2018-09-26",
"ID": "CVE-2018-1002102",
"STATE": "PUBLIC",
"TITLE": "Kubernetes API server follows unvalidated redirects from streaming Kubelet endpoints"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "v1.14",
"version_value": "v1.14.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/85867",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/85867"
},
{
"name": "FEDORA-2020-943f4b03d2",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q56CULSH7F7BC4NPS67ZS23ZCLL5TIVK/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/85867"
],
"discovery": "USER"
},
"work_around": [
{
"lang": "en",
"value": "For Kubernetes versions \u003e= v1.10.0, the ValidateProxyRedirects feature can be manually enabled with the kube-apiserver flag --feature-gates=ValidateProxyRedirects=true"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2018-1002102",
"datePublished": "2019-12-05T16:05:18.042235Z",
"dateReserved": "2018-12-05T00:00:00",
"dateUpdated": "2024-09-17T00:56:37.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11250
Vulnerability from cvelistv5
Published
2019-08-29 00:40
Modified
2024-09-17 02:06
Severity ?
EPSS score ?
Summary
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/81114 | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20190919-0003/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2019:4052 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2019:4087 | vendor-advisory, x_refsource_REDHAT | |
| http://www.openwall.com/lists/oss-security/2020/10/16/2 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: prior to 1.16 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/81114"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"name": "RHSA-2019:4052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4052"
},
{
"name": "RHSA-2019:4087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4087"
},
{
"name": "[oss-security] 20201016 Kubernetes: Multiple secret leaks when verbose logging is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/16/2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "prior to 1.16"
}
]
}
],
"datePublic": "2019-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Inclusion of Sensitive Information in Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T08:06:12",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/81114"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"name": "RHSA-2019:4052",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4052"
},
{
"name": "RHSA-2019:4087",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4087"
},
{
"name": "[oss-security] 20201016 Kubernetes: Multiple secret leaks when verbose logging is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/10/16/2"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/81114"
],
"discovery": "EXTERNAL"
},
"title": "Kubernetes client-go logs authorization headers at debug verbosity levels",
"workarounds": [
{
"lang": "en",
"value": "lower log verbosity levels to \u003c= 6"
}
],
"x_generator": {
"engine": "Vulnogram 0.0.7"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2019-08-12",
"ID": "CVE-2019-11250",
"STATE": "PUBLIC",
"TITLE": "Kubernetes client-go logs authorization headers at debug verbosity levels"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "prior to 1.16"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"configuration": [],
"credit": [],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.7"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Inclusion of Sensitive Information in Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/81114",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/81114"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190919-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"name": "RHSA-2019:4052",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4052"
},
{
"name": "RHSA-2019:4087",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4087"
},
{
"name": "[oss-security] 20201016 Kubernetes: Multiple secret leaks when verbose logging is enabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/10/16/2"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://github.com/kubernetes/kubernetes/issues/81114"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "lower log verbosity levels to \u003c= 6"
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11250",
"datePublished": "2019-08-29T00:40:43.341051Z",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-09-17T02:06:55.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11244
Vulnerability from cvelistv5
Published
2019-04-22 14:54
Modified
2024-08-04 22:48
Severity ?
EPSS score ?
Summary
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/76676 | x_refsource_MISC | |
| http://www.securityfocus.com/bid/108064 | vdb-entry, x_refsource_BID | |
| https://security.netapp.com/advisory/ntap-20190509-0002/ | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2019:3942 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2020:0020 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2020:0074 | vendor-advisory, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.8.0 < v1.8* Version: v1.9.0 < v1.9* Version: v1.10.0 < v1.10* Version: v1.11.0 < v1.11* Version: v1.12.0 < v1.12* Version: v1.13.0 < v1.13* Version: v1.14.0 < v1.14* |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/76676"
},
{
"name": "108064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/108064"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
},
{
"name": "RHSA-2019:3942",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3942"
},
{
"name": "RHSA-2020:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0020"
},
{
"name": "RHSA-2020:0074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"lessThan": "v1.8*",
"status": "affected",
"version": "v1.8.0",
"versionType": "custom"
},
{
"lessThan": "v1.9*",
"status": "affected",
"version": "v1.9.0",
"versionType": "custom"
},
{
"lessThan": "v1.10*",
"status": "affected",
"version": "v1.10.0",
"versionType": "custom"
},
{
"lessThan": "v1.11*",
"status": "affected",
"version": "v1.11.0",
"versionType": "custom"
},
{
"lessThan": "v1.12*",
"status": "affected",
"version": "v1.12.0",
"versionType": "custom"
},
{
"lessThan": "v1.13*",
"status": "affected",
"version": "v1.13.0",
"versionType": "custom"
},
{
"lessThan": "v1.14*",
"status": "affected",
"version": "v1.14.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jordan Zebor of F5 Networks"
}
],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524 Information Exposure Through Caching",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-21T19:06:10",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/issues/76676"
},
{
"name": "108064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/108064"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
},
{
"name": "RHSA-2019:3942",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3942"
},
{
"name": "RHSA-2020:0020",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0020"
},
{
"name": "RHSA-2020:0074",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0074"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "kubectl creates world-writeable cached schema files",
"workarounds": [
{
"lang": "en",
"value": "Use the default --http-cache location in the $HOME directory or point it at a directory that is only accessible to desired users/groups."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.6"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"ID": "CVE-2019-11244",
"STATE": "PUBLIC",
"TITLE": "kubectl creates world-writeable cached schema files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "\u003e=",
"version_name": "v1.8",
"version_value": "v1.8.0"
},
{
"version_affected": "\u003e=",
"version_name": "v1.9",
"version_value": "v1.9.0"
},
{
"version_affected": "\u003e=",
"version_name": "v1.10",
"version_value": "v1.10.0"
},
{
"version_affected": "\u003e=",
"version_name": "v1.11",
"version_value": "v1.11.0"
},
{
"version_affected": "\u003e=",
"version_name": "v1.12",
"version_value": "v1.12.0"
},
{
"version_affected": "\u003e=",
"version_name": "v1.13",
"version_value": "v1.13.0"
},
{
"version_affected": "\u003e=",
"version_name": "v1.14",
"version_value": "v1.14.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jordan Zebor of F5 Networks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.6"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-524 Information Exposure Through Caching"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/76676",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/issues/76676"
},
{
"name": "108064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/108064"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190509-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
},
{
"name": "RHSA-2019:3942",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3942"
},
{
"name": "RHSA-2020:0020",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0020"
},
{
"name": "RHSA-2020:0074",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0074"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"value": "Use the default --http-cache location in the $HOME directory or point it at a directory that is only accessible to desired users/groups."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11244",
"datePublished": "2019-04-22T14:54:15",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-08-04T22:48:09.162Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-1002100
Vulnerability from cvelistv5
Published
2018-06-01 21:00
Modified
2024-09-16 16:17
Severity ?
EPSS score ?
Summary
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/61297 | x_refsource_CONFIRM | |
| https://hansmi.ch/articles/2018-04-openshift-s2i-security | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1564305 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: v1.5.x Version: v1.6.x Version: v1.7.x Version: v1.8.x Version: unspecified < v1.9.6 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:47:57.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/61297"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hansmi.ch/articles/2018-04-openshift-s2i-security"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "v1.5.x"
},
{
"status": "affected",
"version": "v1.6.x"
},
{
"status": "affected",
"version": "v1.7.x"
},
{
"status": "affected",
"version": "v1.8.x"
},
{
"lessThan": "v1.9.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Reported by Michael Hanselmann"
}
],
"dateAssigned": "2018-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "directory traversal vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-06-01T21:00:00Z",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/61297"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hansmi.ch/articles/2018-04-openshift-s2i-security"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "jordan@liggitt.net",
"DATE_ASSIGNED": "2018-04-13",
"ID": "CVE-2018-1002100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "v1.5.x"
},
{
"version_affected": "=",
"version_value": "v1.6.x"
},
{
"version_affected": "=",
"version_value": "v1.7.x"
},
{
"version_affected": "=",
"version_value": "v1.8.x"
},
{
"version_affected": "\u003c",
"version_value": "v1.9.6"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
"Reported by Michael Hanselmann"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "directory traversal vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/61297",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/61297"
},
{
"name": "https://hansmi.ch/articles/2018-04-openshift-s2i-security",
"refsource": "MISC",
"url": "https://hansmi.ch/articles/2018-04-openshift-s2i-security"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2018-1002100",
"datePublished": "2018-06-01T21:00:00Z",
"dateReserved": "2018-06-01T00:00:00Z",
"dateUpdated": "2024-09-16T16:17:37.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-8563
Vulnerability from cvelistv5
Published
2020-12-07 22:00
Modified
2024-09-16 17:18
Severity ?
EPSS score ?
Summary
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/95621 | x_refsource_CONFIRM | |
| https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | mailing-list, x_refsource_MLIST | |
| https://security.netapp.com/advisory/ntap-20210122-0006/ | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: < 1.19.3 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:46.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95621"
},
{
"name": "Multiple secret leaks when verbose logging is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "\u003c 1.19.3"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kaizhe Huang (derek0405)"
}
],
"datePublic": "2020-10-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager\u0027s log. This affects \u003c v1.19.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Information Exposure Through Log Files",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-22T12:06:19",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95621"
},
{
"name": "Multiple secret leaks when verbose logging is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/95621"
],
"discovery": "EXTERNAL"
},
"title": "Secret leaks in logs for vSphere Provider kube-controller-manager",
"workarounds": [
{
"lang": "en",
"value": "Do not enable verbose logging in production (log level \u003e= 4), limit access to logs."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-10-15T04:00:00.000Z",
"ID": "CVE-2020-8563",
"STATE": "PUBLIC",
"TITLE": "Secret leaks in logs for vSphere Provider kube-controller-manager"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_value": "\u003c 1.19.3"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kaizhe Huang (derek0405)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager\u0027s log. This affects \u003c v1.19.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532 Information Exposure Through Log Files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/95621",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/95621"
},
{
"name": "Multiple secret leaks when verbose logging is enabled",
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210122-0006/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/95621"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Do not enable verbose logging in production (log level \u003e= 4), limit access to logs."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2020-8563",
"datePublished": "2020-12-07T22:00:25.689659Z",
"dateReserved": "2020-02-03T00:00:00",
"dateUpdated": "2024-09-16T17:18:26.773Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7528
Vulnerability from cvelistv5
Published
2016-04-11 21:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/openshift/origin/pull/6113 | x_refsource_CONFIRM | |
| https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2015-2615.html | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2015:2544 | vendor-advisory, x_refsource_REDHAT | |
| https://github.com/kubernetes/kubernetes/pull/17886 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/openshift/origin/pull/6113"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5"
},
{
"name": "RHSA-2015:2615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2615.html"
},
{
"name": "RHSA-2015:2544",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2015:2544"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/17886"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-11T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/openshift/origin/pull/6113"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5"
},
{
"name": "RHSA-2015:2615",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2615.html"
},
{
"name": "RHSA-2015:2544",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2015:2544"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/pull/17886"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7528",
"datePublished": "2016-04-11T21:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-11252
Vulnerability from cvelistv5
Published
2020-07-23 14:47
Modified
2024-09-17 04:24
Severity ?
EPSS score ?
Summary
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/pull/88684 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Kubernetes | Kubernetes |
Version: 1.16 Version: 1.17 Version: 1.6 Version: 1.7 Version: 1.8 Version: 1.9 Version: 1.10 Version: 1.11 Version: 1.12 Version: 1.13 Version: 1.14 Version: 1.15 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T22:48:09.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/pull/88684"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Kubernetes",
"vendor": "Kubernetes",
"versions": [
{
"status": "affected",
"version": "1.16"
},
{
"status": "affected",
"version": "1.17"
},
{
"status": "affected",
"version": "1.6"
},
{
"status": "affected",
"version": "1.7"
},
{
"status": "affected",
"version": "1.8"
},
{
"status": "affected",
"version": "1.9"
},
{
"status": "affected",
"version": "1.10"
},
{
"status": "affected",
"version": "1.11"
},
{
"status": "affected",
"version": "1.12"
},
{
"status": "affected",
"version": "1.13"
},
{
"status": "affected",
"version": "1.14"
},
{
"status": "affected",
"version": "1.15"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Christopher J. Ruwe"
}
],
"datePublic": "2020-03-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Information Exposure Through an Error Message",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-23T14:47:38",
"orgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"shortName": "kubernetes"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kubernetes/kubernetes/pull/88684"
}
],
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/pull/88684"
],
"discovery": "EXTERNAL"
},
"title": "Credential leakage when failing to mount",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-03-04T05:00:00.000Z",
"ID": "CVE-2019-11252",
"STATE": "PUBLIC",
"TITLE": "Credential leakage when failing to mount"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_name": "1.16",
"version_value": "1.16"
},
{
"version_name": "1.17",
"version_value": "1.17"
},
{
"version_name": "1.6",
"version_value": "1.6"
},
{
"version_name": "1.7",
"version_value": "1.7"
},
{
"version_name": "1.8",
"version_value": "1.8"
},
{
"version_name": "1.9",
"version_value": "1.9"
},
{
"version_name": "1.10",
"version_value": "1.10"
},
{
"version_name": "1.11",
"version_value": "1.11"
},
{
"version_name": "1.12",
"version_value": "1.12"
},
{
"version_name": "1.13",
"version_value": "1.13"
},
{
"version_name": "1.14",
"version_value": "1.14"
},
{
"version_name": "1.15",
"version_value": "1.15"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Christopher J. Ruwe"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-209 Information Exposure Through an Error Message"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/pull/88684",
"refsource": "MISC",
"url": "https://github.com/kubernetes/kubernetes/pull/88684"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/pull/88684"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565",
"assignerShortName": "kubernetes",
"cveId": "CVE-2019-11252",
"datePublished": "2020-07-23T14:47:38.187100Z",
"dateReserved": "2019-04-17T00:00:00",
"dateUpdated": "2024-09-17T04:24:20.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-7075
Vulnerability from cvelistv5
Published
2018-09-10 14:00
Modified
2024-08-06 01:50
Severity ?
EPSS score ?
Summary
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/34517 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075 | x_refsource_CONFIRM | |
| https://access.redhat.com/errata/RHSA-2016:2064 | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:47.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kubernetes/kubernetes/issues/34517"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075"
},
{
"name": "RHSA-2016:2064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2016:2064"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "OpenShift",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-295",
"description": "CWE-295",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-11T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kubernetes/kubernetes/issues/34517"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075"
},
{
"name": "RHSA-2016:2064",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2016:2064"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7075",
"datePublished": "2018-09-10T14:00:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:50:47.447Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2020-07-27 20:15
Modified
2024-11-21 05:39
Severity ?
5.4 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/92315 | Exploit, Mitigation, Patch, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ | Exploit, Mailing List, Mitigation, Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20200821-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/92315 | Exploit, Mitigation, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ | Exploit, Mailing List, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200821-0001/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9586C74C-1239-4E96-89A6-F618D14EF889",
"versionEndIncluding": "1.16.10",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D0C82A-F13C-4D41-854D-51234D20873E",
"versionEndIncluding": "1.17.6",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FDA694A4-8EC3-47E1-A1F3-CF083D894371",
"versionEndIncluding": "1.18.3",
"versionStartIncluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node\u0027s network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service."
},
{
"lang": "es",
"value": "Se encontr\u00f3 que los componentes Kubelet y kube-proxy en las versiones 1.1.0-1.16.10, 1.17.0-1.17.6 y 1.18.0-1.18.3, contienen un problema de seguridad que permite a los hosts adyacentes alcanzar los servicios TCP y UDP vinculados a la versi\u00f3n 127.0.0.1, que se ejecutan en el nodo o en el espacio de nombres de red del nodo. Dicho servicio se considera generalmente que puede ser alcanzado solo por otros procesos en el mismo host, pero debido a esta defensa, podr\u00edan ser alcanzados por otros hosts en la misma LAN que el nodo o por contenedores que se ejecutan en el mismo nodo que el servicio"
}
],
"id": "CVE-2020-8558",
"lastModified": "2024-11-21T05:39:01.790",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-27T20:15:12.413",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/92315"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/92315"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0001/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-420"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-27 15:15
Modified
2024-11-21 05:39
Severity ?
4.3 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| fedoraproject | fedora | 32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44ECF71D-7483-45B0-8BF5-92284C11696C",
"versionEndIncluding": "1.15.9",
"versionStartIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02C07F21-ECB7-4BD2-85AF-C2BB24F175FF",
"versionEndIncluding": "1.16.6",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0FF258-1EFA-4FF0-84C7-B2976BD70BD3",
"versionEndIncluding": "1.17.2",
"versionStartIncluding": "1.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via the kubelet API, including the unauthenticated HTTP read-only API typically served on port 10255, and the authenticated HTTPS API typically served on port 10250."
},
{
"lang": "es",
"value": "Se detect\u00f3 que el componente Kubelet en versiones 1.15.0-1.15.9, versiones 1.16.0-1.16.6 y versiones 1.17.0-1.17.2, es vulnerable a un ataque de denegaci\u00f3n de servicio por medio la API de kubelet, incluyendo la API de solo lectura HTTP no autenticada t\u00edpicamente servida en el puerto 10255, y la API HTTPS autenticada t\u00edpicamente servida en el puerto 10250."
}
],
"id": "CVE-2020-8551",
"lastModified": "2024-11-21T05:39:01.003",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-27T15:15:12.647",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89377"
},
{
"source": "jordan@liggitt.net",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"
},
{
"source": "jordan@liggitt.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-03 18:59
Modified
2024-11-21 02:47
Severity ?
Summary
Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C32308-314D-4E0D-B15F-6A68DF21E9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed."
},
{
"lang": "es",
"value": "Openshift, permite a los atacantes remotos alcanzar privilegios mediante la actualizaci\u00f3n de una configuraci\u00f3n de compilaci\u00f3n que fue dise\u00f1ada con un tipo permitido en un tipo que no est\u00e1 permitido."
}
],
"id": "CVE-2016-1906",
"lastModified": "2024-11-21T02:47:19.540",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-03T18:59:09.757",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2016:0351"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openshift/origin/issues/6556"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openshift/origin/pull/6576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:0351"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openshift/origin/issues/6556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openshift/origin/pull/6576"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-03 21:15
Modified
2024-11-21 07:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D47082-4E70-4CBE-B52B-B2A83903F17B",
"versionEndIncluding": "1.24.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB1E96C-4CC8-4BE3-9BC6-2AE760B8AD3F",
"versionEndIncluding": "1.25.10",
"versionStartIncluding": "1.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFB3393-262F-4179-B397-A08519AD6BE3",
"versionEndIncluding": "1.26.5",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B26D20B-7A52-4957-8D0A-9D65572B764C",
"versionEndIncluding": "1.27.2",
"versionStartIncluding": "1.27.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account\u2019s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.\n\n"
}
],
"id": "CVE-2023-2728",
"lastModified": "2024-11-21T07:59:10.813",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-03T21:15:09.557",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/06/3"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118640"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8"
},
{
"source": "jordan@liggitt.net",
"url": "https://security.netapp.com/advisory/ntap-20230803-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230803-0004/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-22 15:29
Modified
2024-11-21 04:20
Severity ?
Summary
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | http://www.securityfocus.com/bid/108053 | Third Party Advisory, VDB Entry | |
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/76797 | Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20190509-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108053 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/76797 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190509-0002/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.13.0 | |
| netapp | trident | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA1909D3-D45E-4AD4-B773-51ADCFC63113",
"versionEndIncluding": "1.12.4",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E277E5AC-48ED-4993-9D3F-F0551E70BBE0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D9A34F5-AC03-4098-A37D-AD50727DDB11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()"
},
{
"lang": "es",
"value": "En Kubernetes versi\u00f3n 1.12.0 hasta versi\u00f3n 1.12.4 y versi\u00f3n 1.13.0, el m\u00e9todo rest.AnonymousClientConfig() retorna una copia de la configuraci\u00f3n provista, con las credenciales removidas (token de portador, nombre de usuario/contrase\u00f1a y certificado/clave del cliente). En las versiones afectadas, la funci\u00f3n rest.AnonymousClientConfig() no limpi\u00f3 efectivamente las credenciales de cuenta de servicio cargadas usando la funci\u00f3n rest.InClusterConfig()."
}
],
"id": "CVE-2019-11243",
"lastModified": "2024-11-21T04:20:47.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-22T15:29:00.790",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108053"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/76797"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/76797"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-271"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-212"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-02-01 11:15
Modified
2024-11-21 05:39
Severity ?
2.2 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/101493 | Issue Tracking, Mitigation, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY | Mailing List, Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20220225-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/101493 | Issue Tracking, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220225-0002/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.21.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7BE1AD99-F12A-4F6E-8EA5-578F32A1F15F",
"versionEndIncluding": "1.18.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34CCC198-AAA6-4DAE-94C4-B8CE55F621F7",
"versionEndIncluding": "1.19.10",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6868B56F-DDBE-4CDA-9537-A0CAD3CDB1AB",
"versionEndIncluding": "1.20.6",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3D8AFD-1FB4-4F98-8522-E57A15DD00BB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane."
},
{
"lang": "es",
"value": "Como mitigaci\u00f3n a un informe de 2019 y CVE-2020-8555, Kubernetes intenta impedir que las conexiones proxy accedan a las redes link-local o localhost cuando son realizadas conexiones impulsadas por el usuario a los servicios, pods, nodos o proveedores de servicios StorageClass. Como parte de esta mitigaci\u00f3n, Kubernetes realiza una comprobaci\u00f3n de resoluci\u00f3n de nombres DNS y comprueba que las IPs de respuesta no est\u00e9n en el rango link-local (169.254.0.0/16) o localhost (127.0.0/8). A continuaci\u00f3n, Kubernetes lleva a cabo una segunda resoluci\u00f3n de DNS sin comprobar para la conexi\u00f3n real. Si un servidor DNS no est\u00e1ndar devuelve diferentes respuestas no almacenadas en cach\u00e9, un usuario puede ser capaz de omitir la restricci\u00f3n de la IP del proxy y acceder a redes privadas en el plano de control"
}
],
"id": "CVE-2020-8562",
"lastModified": "2024-11-21T05:39:02.180",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-02-01T11:15:10.903",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/101493"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/101493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220225-0002/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-367"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-17 16:15
Modified
2024-11-21 04:20
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| redhat | openshift_container_platform | 3.9 | |
| redhat | openshift_container_platform | 3.10 | |
| redhat | openshift_container_platform | 3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F0820894-56B7-4CB8-AE5C-29639FA59718",
"versionEndIncluding": "1.12.10",
"versionStartIncluding": "1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FF055F3-E11D-41DB-9ED7-434D9ED905B4",
"versionEndExcluding": "1.13.2",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADA3952E-8133-4E6A-A365-4FD74ABA962C",
"versionEndExcluding": "1.14.8",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F9F7837F-DA69-453E-8B24-1EDF0A5CAB4C",
"versionEndExcluding": "1.15.5",
"versionStartIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1BDF819-871C-4E34-978F-BAFF8D895B84",
"versionEndExcluding": "1.16.2",
"versionStartIncluding": "1.16.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "309CB6F8-F178-454C-BE97-787F78647C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBCD38F-BBE8-488C-A8C3-5782F191D915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility."
},
{
"lang": "es",
"value": "La comprobaci\u00f3n de entrada inapropiada en el servidor API de Kubernetes en las versiones v1.0 hasta 1.12 y versiones anteriores a v1.13.12, v1.14.8, v1.15.5 y v1.16.2, permite a los usuarios autorizados enviar cargas maliciosas de YAML o JSON, causando que el servidor API consuma demasiada CPU o memoria, fallando potencialmente y dejando de estar disponible. En versiones anteriores a v1.14.0, la pol\u00edtica predeterminada de RBAC autorizaba a los usuarios an\u00f3nimos para enviar peticiones que pudieran desencadenar esta vulnerabilidad. Los cl\u00fasteres actualizados desde una versi\u00f3n anterior a v1.14.0 mantienen la pol\u00edtica m\u00e1s permisiva por defecto para la compatibilidad con versiones anteriores."
}
],
"id": "CVE-2019-11253",
"lastModified": "2024-11-21T04:20:48.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-17T16:15:10.443",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3905"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/83253"
},
{
"source": "jordan@liggitt.net",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/83253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20191031-0006/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-776"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-01-07 00:15
Modified
2024-11-21 05:55
Severity ?
3.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
3.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
3.0 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
Summary
kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/101695 | Vendor Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20220217-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/101695 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20220217-0003/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA582BF-2777-4ABB-A12C-D1D226CC7D08",
"versionEndIncluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as Events."
},
{
"lang": "es",
"value": "kubectl no neutraliza las secuencias de escape, meta o de control contenidas en los datos brutos que env\u00eda a un terminal. Esto incluye, pero no se limita, a los campos de cadena no estructurados en objetos como los Eventos"
}
],
"id": "CVE-2021-25743",
"lastModified": "2024-11-21T05:55:19.977",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.0,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.0,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-07T00:15:07.817",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/101695"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220217-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/101695"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20220217-0003/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-150"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-07-17 13:18
Modified
2024-11-21 03:04
Severity ?
Summary
Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/kubernetes/kubernetes/issues/43459 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/43459 | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | 1.5.0 | |
| kubernetes | kubernetes | 1.5.1 | |
| kubernetes | kubernetes | 1.5.2 | |
| kubernetes | kubernetes | 1.5.3 | |
| kubernetes | kubernetes | 1.5.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D5AF640-0C20-48D5-A418-83E14935E8A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B05445BA-4E94-44D8-91BC-72F889D30D99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA4CEFFE-B8F0-4F03-A6B5-3F2A7BE57AC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A9AF70-ACD4-4357-A096-6ABC02A185A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F527925-3B46-45BD-8A1A-EF52E62E9CA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plugin resulting in the ability to make use of any existing PodSecurityPolicy object."
},
{
"lang": "es",
"value": "En Kubernetes versi\u00f3n 1.5.0 hasta 1.5.4, es vulnerable a una escalada de privilegios en el plugin admission de PodSecurityPolicy, resultando en la capacidad de hacer uso de cualquier objeto PodSecurityPolicy existente."
}
],
"id": "CVE-2017-1000056",
"lastModified": "2024-11-21T03:04:03.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-07-17T13:18:17.750",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/43459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/43459"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-01-21 17:15
Modified
2024-11-21 05:39
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
5.0 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Summary
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| oracle | communications_cloud_native_core_network_slice_selection_function | 1.2.1 | |
| oracle | communications_cloud_native_core_policy | 1.15.0 | |
| oracle | communications_cloud_native_core_service_communication_proxy | 1.14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "044D3402-749F-4BEA-9F7E-16F7839654FE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ADE6EF8F-1F05-429B-A916-76FDB20CEB81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect."
},
{
"lang": "es",
"value": "El servidor de la API de Kubernetes en todas las versiones permite a un atacante que puede crear un servicio ClusterIP y establecer el campo spec.externalIPs, interceptar el tr\u00e1fico a esa direcci\u00f3n IP. Adicionalmente, un atacante que sea capaz de parchear el estado (que se considera una operaci\u00f3n privilegiada y no se debe t\u00edpicamente otorgar a los usuarios) de un servicio LoadBalancer puede configurar el status.loadBalancer.ingress.ip con un efecto similar"
}
],
"id": "CVE-2020-8554",
"lastModified": "2024-11-21T05:39:01.370",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-21T17:15:13.843",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/97076"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8"
},
{
"source": "jordan@liggitt.net",
"url": "https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "jordan@liggitt.net",
"url": "https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "jordan@liggitt.net",
"url": "https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "jordan@liggitt.net",
"url": "https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/97076"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-283"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-02-03 18:59
Modified
2024-11-21 02:47
Severity ?
Summary
The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C32308-314D-4E0D-B15F-6A68DF21E9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object."
},
{
"lang": "es",
"value": "El servidor API en Kubernetes no comprueba correctamente el control de admisi\u00f3n, lo que permite a usuarios remotos autenticados acceder a recursos adicionales a trav\u00e9s de un objeto parcheado manipulado."
}
],
"id": "CVE-2016-1905",
"lastModified": "2024-11-21T02:47:19.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-02-03T18:59:08.773",
"references": [
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/kubernetes/kubernetes/issues/19479"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/kubernetes/kubernetes/issues/19479"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-07-03 21:15
Modified
2024-11-21 07:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "44D47082-4E70-4CBE-B52B-B2A83903F17B",
"versionEndIncluding": "1.24.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9CB1E96C-4CC8-4BE3-9BC6-2AE760B8AD3F",
"versionEndIncluding": "1.25.10",
"versionStartIncluding": "1.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EFB3393-262F-4179-B397-A08519AD6BE3",
"versionEndIncluding": "1.26.5",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B26D20B-7A52-4957-8D0A-9D65572B764C",
"versionEndIncluding": "1.27.2",
"versionStartIncluding": "1.27.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.\n\n"
}
],
"id": "CVE-2023-2727",
"lastModified": "2024-11-21T07:59:10.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-07-03T21:15:09.480",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/06/2"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118640"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8"
},
{
"source": "jordan@liggitt.net",
"url": "https://security.netapp.com/advisory/ntap-20230803-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2023/07/06/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/vPWYJ_L84m8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230803-0004/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-02-03 16:15
Modified
2024-11-21 04:20
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
5.7 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Summary
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/87773 | Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/87773 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.1-1.12 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E20ECB8-B503-4DB2-BCDB-D28E53523C9E",
"versionEndExcluding": "1.13.11",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFCC3601-5C5D-4304-AE8E-E75F262A5CC6",
"versionEndExcluding": "1.14.7",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A4A079B-AA15-49F4-9861-D99D6FAEE758",
"versionEndExcluding": "1.15.4",
"versionStartIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.1-1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DF182631-B804-429A-A1EC-B9BCE60FDA93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree."
},
{
"lang": "es",
"value": "El comando kubectl cp de Kubernetes en las versiones 1.1-1.12 y versiones anteriores a 1.13.11, 1.14.7 y 1.15.4, permite una combinaci\u00f3n de dos enlaces simb\u00f3licos proporcionados mediante la salida tar de un contenedor malicioso para colocar un archivo fuera del directorio de destino especificado en la invocaci\u00f3n de kubectl cp. Esto podr\u00eda ser usado para permitir aun atacante colocar un archivo nefasto usando un enlace simb\u00f3lico, fuera del \u00e1rbol de destino."
}
],
"id": "CVE-2019-11251",
"lastModified": "2024-11-21T04:20:48.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-03T16:15:11.140",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/87773"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/87773"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-61"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-20 17:15
Modified
2024-11-21 05:55
Severity ?
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
3.1 (Low) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/103675 | Mitigation, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE | Mailing List, Mitigation, Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20211014-0001/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/103675 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE | Mailing List, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211014-0001/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C32308-314D-4E0D-B15F-6A68DF21E9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack."
},
{
"lang": "es",
"value": "Se ha detectado un problema de seguridad en Kubernetes que podr\u00eda permitir a usuarios enviar tr\u00e1fico de red a lugares a los que de otro modo no tendr\u00edan acceso por medio de un ataque de tipo confused deputy"
}
],
"id": "CVE-2021-25740",
"lastModified": "2024-11-21T05:55:19.590",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-20T17:15:08.283",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/103675"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/103675"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0001/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-441"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-610"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-09-14 13:29
Modified
2024-11-21 03:04
Severity ?
Summary
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/47611 | Issue Tracking, Patch, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/47611 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | 1.6.0 | |
| kubernetes | kubernetes | 1.6.0 | |
| kubernetes | kubernetes | 1.6.0 | |
| kubernetes | kubernetes | 1.6.0 | |
| kubernetes | kubernetes | 1.6.0 | |
| kubernetes | kubernetes | 1.6.0 | |
| kubernetes | kubernetes | 1.6.0 | |
| kubernetes | kubernetes | 1.6.0 | |
| kubernetes | kubernetes | 1.6.0 | |
| kubernetes | kubernetes | 1.6.0 | |
| kubernetes | kubernetes | 1.6.0 | |
| kubernetes | kubernetes | 1.6.1 | |
| kubernetes | kubernetes | 1.6.1 | |
| kubernetes | kubernetes | 1.6.2 | |
| kubernetes | kubernetes | 1.6.2 | |
| kubernetes | kubernetes | 1.6.3 | |
| kubernetes | kubernetes | 1.6.3 | |
| kubernetes | kubernetes | 1.6.3 | |
| kubernetes | kubernetes | 1.6.4 | |
| kubernetes | kubernetes | 1.6.4 | |
| kubernetes | kubernetes | 1.6.4 | |
| kubernetes | kubernetes | 1.6.5 | |
| kubernetes | kubernetes | 1.6.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "25CE4080-7128-4FDC-9723-1C163BE7D83E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.0:alpha.0:*:*:*:*:*:*",
"matchCriteriaId": "3F37DCFE-39BF-4FFB-9AB2-10F285554815",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.0:alpha.1:*:*:*:*:*:*",
"matchCriteriaId": "6BC20273-E14D-43F1-B6E9-C2F57331DE3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.0:alpha.2:*:*:*:*:*:*",
"matchCriteriaId": "289C4EFE-172C-49CD-B9DE-DB14049E06C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.0:alpha.3:*:*:*:*:*:*",
"matchCriteriaId": "6B33D4AC-F81D-400A-A166-522B447F0612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.0:beta.0:*:*:*:*:*:*",
"matchCriteriaId": "FA8EE9E4-C2FE-4F45-970D-D3B26D87FD05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.0:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "68793380-41DB-48B1-BDAB-8CA326320321",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.0:beta.2:*:*:*:*:*:*",
"matchCriteriaId": "53A7675A-15D9-4A18-8DB3-17162E6AB6E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.0:beta.3:*:*:*:*:*:*",
"matchCriteriaId": "53DBAAB4-DCC5-40B3-82F5-A95BD40ADA2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.0:beta.4:*:*:*:*:*:*",
"matchCriteriaId": "59A469FA-7A6F-4E63-97D5-BD091F5A2C92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.0:rc.1:*:*:*:*:*:*",
"matchCriteriaId": "98370CF2-0D4B-4962-97C7-DDDF556B7609",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EBE416B-81DC-4E6E-8839-1AA0A212C099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.1:beta.0:*:*:*:*:*:*",
"matchCriteriaId": "2B4356AD-77C5-4D3E-AEB6-2950591C03CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "008FA1B0-8297-475D-8474-1038C8625EAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.2:beta.0:*:*:*:*:*:*",
"matchCriteriaId": "9FA9B3BE-F7C2-4561-8445-6D183273D7A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5101C877-7403-42DC-BDD4-EE9390DCFC3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.3:beta.0:*:*:*:*:*:*",
"matchCriteriaId": "5261E659-FB2A-4DA3-83AF-A199D3DB074E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.3:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "A4DFB90A-4AB0-4BA6-BA20-D5F08A0B46A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "ADD0DEFF-DFED-4A55-AE9C-BE5374825984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.4:beta.0:*:*:*:*:*:*",
"matchCriteriaId": "D20E8A6C-0720-4878-A5FF-CB1251248B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.4:beta.1:*:*:*:*:*:*",
"matchCriteriaId": "91711ECA-ABA9-40D4-88EE-5C16888CCBD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "19741B06-64B6-49DD-828C-114473D2F90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.6.5:beta.0:*:*:*:*:*:*",
"matchCriteriaId": "CAB36BFD-3474-4C3E-894A-B7EADFF4238D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to \"container\" which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the Kubernetes cluster or authenticated access to the Azure portal."
},
{
"lang": "es",
"value": "Los permisos de acceso por defecto para vol\u00famenes persistentes (PV) creados por el proveedor de servicios en la nube Kubernetes en Azure, en sus versiones de la 1.6.0 a la 1.6.5, est\u00e1n establecidos a \"container\", lo que expone una URI que se puede acceder sin autenticaci\u00f3n en la red de internet p\u00fablica. Para acceder al string URI se requieren permisos de acceso al cl\u00faster de Kubernetes o acceso autenticado al portal Azure."
}
],
"id": "CVE-2017-1002100",
"lastModified": "2024-11-21T03:04:58.440",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-09-14T13:29:01.373",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/47611"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/47611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-07 22:15
Modified
2024-11-21 05:39
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/95623 | Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/95623 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | Mailing List, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BAC4DF80-12A5-482D-88C8-1939A015FBE4",
"versionEndIncluding": "1.17.13",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "57F3AFC9-8D1D-4870-B40E-5A2CFEB2388E",
"versionEndIncluding": "1.18.10",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13CE6526-CD5D-4B0D-AE8C-20E113F2D412",
"versionEndIncluding": "1.19.3",
"versionStartIncluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects \u003c= v1.19.3, \u003c= v1.18.10, \u003c= v1.17.13, \u003c v1.20.0-alpha2."
},
{
"lang": "es",
"value": "En Kubernetes, si el nivel de registro se establece en al menos 9, los tokens de autorizaci\u00f3n y portador se escribir\u00e1n en los archivos de registro. Esto puede ocurrir tanto en los registros del servidor API como en la salida de la herramienta cliente como kubectl. Esto afecta a versiones anteriores e iguales a v1.19.3, versiones anteriores e iguales a v1.18.10, versiones anteriores e iguales a v1.17.13, versiones anteriores a v1.20.0-alpha2"
}
],
"id": "CVE-2020-8565",
"lastModified": "2024-11-21T05:39:02.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-07T22:15:21.400",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95623"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-04-11 21:59
Modified
2024-11-21 02:36
Severity ?
Summary
Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| redhat | openshift | 3.0 | |
| redhat | openshift | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:alpha.4:*:*:*:*:*:*",
"matchCriteriaId": "EE0A7C28-C2DF-4AFE-9F81-BA38AC6ADA9B",
"versionEndIncluding": "1.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "45690263-84D9-45A1-8C30-3ED2F0F11F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F8E35FAB-695F-44DA-945D-60B47C1F200B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name."
},
{
"lang": "es",
"value": "Kubernetes en versiones anteriores a 1.2.0-alpha.5 permite a atacantes remotos leer logs de pod arbitrarios a trav\u00e9s de un nombre de contenedor."
}
],
"id": "CVE-2015-7528",
"lastModified": "2024-11-21T02:36:55.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-04-11T21:59:09.337",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2615.html"
},
{
"source": "secalert@redhat.com",
"url": "https://access.redhat.com/errata/RHSA-2015:2544"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/kubernetes/kubernetes/pull/17886"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5"
},
{
"source": "secalert@redhat.com",
"url": "https://github.com/openshift/origin/pull/6113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2615.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2015:2544"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/kubernetes/kubernetes/pull/17886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/openshift/origin/pull/6113"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-05 21:29
Modified
2024-11-21 03:40
Severity ?
5.9 (Medium) - CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | http://www.securityfocus.com/bid/106238 | Third Party Advisory, VDB Entry | |
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/65750 | Issue Tracking, Patch, Vendor Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20190416-0008/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106238 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/65750 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190416-0008/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA354FA9-85CC-45E9-BB88-44EE53BDB40E",
"versionEndIncluding": "1.9.9",
"versionStartIncluding": "1.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2B171401-9127-4786-82C6-EF3551A122ED",
"versionEndIncluding": "1.10.5",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69A8015D-12CB-4D1A-B65C-159661654F88",
"versionEndIncluding": "1.11.1",
"versionStartIncluding": "1.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection."
},
{
"lang": "es",
"value": "En Kubernetes, en versiones 1.9.0-1.9.9, 1.10.0-1.10.5 y 1.11.0-1.11.1, las entradas de usuario se manejaron de forma incorrecta al configurar puntos de montaje de vol\u00famenes en nodos de Windows, lo que podr\u00eda conducir a una inyecci\u00f3n de argumentos de la l\u00ednea de comandos."
}
],
"id": "CVE-2018-1002101",
"lastModified": "2024-11-21T03:40:38.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.7,
"impactScore": 5.2,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-05T21:29:00.293",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106238"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/65750"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0008/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/65750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0008/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-06 12:15
Modified
2024-11-21 05:55
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Summary
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/100096 | Patch, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/100096 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y | Mailing List, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2CBC03B5-FF1D-45D7-A8F9-288DF2057568",
"versionEndExcluding": "1.18.18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54F99BEF-703E-43C0-846C-AB9EECE134A9",
"versionEndExcluding": "1.19.10",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E26E82C1-754C-4E81-B7BC-FB4DACE33945",
"versionEndExcluding": "1.20.6",
"versionStartIncluding": "1.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields."
},
{
"lang": "es",
"value": "Se ha detectado un problema de seguridad en kube-apiserver que podr\u00eda permitir a las actualizaciones de los nodos omitir un Validating Admission Webhook. Los clusters s\u00f3lo est\u00e1n afectados por esta vulnerabilidad si ejecutan un Validating Admission Webhook para nodos que deniega la admisi\u00f3n bas\u00e1ndose, al menos parcialmente, en el estado antiguo del objeto Node. El Validating Admission Webhook no comprueba algunos campos anteriores."
}
],
"id": "CVE-2021-25735",
"lastModified": "2024-11-21T05:55:19.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-06T12:15:07.617",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/100096"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/100096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-372"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-13 17:29
Modified
2024-11-21 03:04
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.6 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
9.6 (Critical) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Summary
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host's filesystem.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html | ||
| jordan@liggitt.net | https://access.redhat.com/errata/RHSA-2018:0475 | Third Party Advisory | |
| jordan@liggitt.net | https://github.com/bgeesaman/subpath-exploit/ | Exploit, Third Party Advisory | |
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/60813 | Issue Tracking, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:0475 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bgeesaman/subpath-exploit/ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/60813 | Issue Tracking, Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85841C2A-31F1-4725-BE9D-0E346D133CC9",
"versionEndIncluding": "1.3.10",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE7BB45-879A-48CE-BE8B-463CB97B8ABA",
"versionEndIncluding": "1.4.12",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0990DE9E-F42A-42E5-9589-ACFCD79950E5",
"versionEndIncluding": "1.5.8",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "520D312F-37C8-4604-B4C3-D9DB8317CF9F",
"versionEndIncluding": "1.6.13",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F39F83C4-3CC3-4681-8363-0986209D4E2B",
"versionEndExcluding": "1.7.14",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE0979F-ED58-43D8-9E3B-7261B1782DD2",
"versionEndExcluding": "1.8.9",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4818E0C-B0ED-424F-AD73-B87777FD9D9E",
"versionEndExcluding": "1.9.4",
"versionStartIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside of the volume, including the host\u0027s filesystem."
},
{
"lang": "es",
"value": "En Kubernetes, en versiones 1.3.x, 1.4.x, 1.5.x, 1.6.x y en versiones anteriores a la 1.7.14, 1.8.9 y 1.9.4, los contenedores que emplean montajes de volumen subpath con cualquier tipo de volumen (incluyendo pods no privilegiados, dependientes de los permisos de archivo) pueden acceder a archivos/directorios fuera del volumen, incluyendo el sistema de archivos del host."
}
],
"id": "CVE-2017-1002101",
"lastModified": "2024-11-21T03:04:58.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.1,
"impactScore": 5.8,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-13T17:29:00.233",
"references": [
{
"source": "jordan@liggitt.net",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0475"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bgeesaman/subpath-exploit/"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/60813"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/bgeesaman/subpath-exploit/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/60813"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-06 12:15
Modified
2024-11-21 05:55
Severity ?
2.7 (Low) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/102106 | Patch, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY | Mailing List, Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20211004-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/102106 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211004-0004/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.21.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B86E916-8D46-49BD-BF24-ED83D2ECFB28",
"versionEndExcluding": "1.18.19",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54F99BEF-703E-43C0-846C-AB9EECE134A9",
"versionEndExcluding": "1.19.10",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9649E8E5-DDA2-408F-9221-19E853704497",
"versionEndExcluding": "1.20.7",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.21.0:-:*:*:*:*:*:*",
"matchCriteriaId": "F9AF80B0-93B1-4129-BCB7-BF93F13FC880",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs."
},
{
"lang": "es",
"value": "Se ha detectado un problema de seguridad en Kubernetes en el que un usuario puede ser capaz de redirigir el tr\u00e1fico del pod a redes privadas en un Nodo. Kubernetes ya previene la creaci\u00f3n de IPs de Endpoint en el rango localhost o link-local, pero no se ha llevado a cabo la misma comprobaci\u00f3n en las IPs de EndpointSlice."
}
],
"id": "CVE-2021-25737",
"lastModified": "2024-11-21T05:55:19.310",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-06T12:15:07.673",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/102106"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211004-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/102106"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211004-0004/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-184"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-31 21:15
Modified
2024-11-21 08:18
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/119595 | Exploit, Mitigation, Patch, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E | Technical Description | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20231221-0002/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/119595 | Exploit, Mitigation, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E | Technical Description | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231221-0002/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4C81ED-BB69-490B-BABA-89C2501A5E6D",
"versionEndExcluding": "1.24.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86AE4580-37A1-4E7B-9B7A-A30316676065",
"versionEndExcluding": "1.25.13",
"versionStartIncluding": "1.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99BCE3D9-3EFA-4358-B36E-47954DBE28D4",
"versionEndExcluding": "1.26.8",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F30AD24-3FA9-4FA8-BCD5-5351EA357B49",
"versionEndExcluding": "1.27.5",
"versionStartIncluding": "1.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FAE518-D5F9-4A7D-A703-1D36EA8A563C",
"versionEndExcluding": "1.28.1",
"versionStartIncluding": "1.28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de seguridad en Kubernetes donde un usuario que puede crear pods en nodos de Windows puede escalar a privilegios de administrador en esos nodos. Los cl\u00fasteres de Kubernetes solo se ven afectados si incluyen nodos de Windows."
}
],
"id": "CVE-2023-3955",
"lastModified": "2024-11-21T08:18:23.683",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-31T21:15:08.613",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119595"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Technical Description"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E"
},
{
"source": "jordan@liggitt.net",
"url": "https://security.netapp.com/advisory/ntap-20231221-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Technical Description"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/JrX4bb7d83E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231221-0002/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-06-05 17:15
Modified
2024-11-21 05:39
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.18.0 | |
| fedoraproject | fedora | 32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB84B14-8D71-4BEA-90FC-DB76F9A0F781",
"versionEndExcluding": "1.15.11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "111CE2DC-82F8-4AF6-99B6-5BB847A18D95",
"versionEndExcluding": "1.16.9",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D5D5658-D416-434A-BA64-74DA2A4F13E2",
"versionEndExcluding": "1.17.5",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.18.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AF65B08E-28BD-496F-88AE-CB7271BD7379",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master\u0027s host network (such as link-local or loopback services)."
},
{
"lang": "es",
"value": "El Kubernetes kube-controller-manager en las versiones v1.0-1.14, versiones anteriores a v1.15.12, v1.16.9, v1.17.5 y v1.18.0, son vulnerables a un ataque de tipo Server Side Request Forgery (SSRF) que permite que determinados usuarios autorizados pierdan hasta 500 bytes de informaci\u00f3n arbitraria de endpoints desprotegidos dentro de la red host del maestro (tales como los servicios link-local o loopback)"
}
],
"id": "CVE-2020-8555",
"lastModified": "2024-11-21T05:39:01.533",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-06-05T17:15:11.640",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/91542"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"
},
{
"source": "jordan@liggitt.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0005/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/91542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200724-0005/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-01 14:29
Modified
2024-11-21 04:17
Severity ?
6.4 (Medium) - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Summary
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.14.0 | |
| redhat | openshift_container_platform | 3.9 | |
| redhat | openshift_container_platform | 3.10 | |
| redhat | openshift_container_platform | 3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0BDD5F47-BEF5-409E-AB7D-CC0F80EECDBF",
"versionEndExcluding": "1.11.9",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF6BA38-1A7C-46AB-A404-06ABB3ADFFC7",
"versionEndExcluding": "1.12.7",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "147CD8D3-60A8-4314-AD92-670CB330F85C",
"versionEndExcluding": "1.13.5",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5BE234F2-20DA-4D5B-AD9D-AC7F39DB9D1D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "309CB6F8-F178-454C-BE97-787F78647C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBCD38F-BBE8-488C-A8C3-5782F191D915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user\u2019s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user\u2019s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0."
},
{
"lang": "es",
"value": "El comando kubectl cp permite copiar archivos entre contenedores y la m\u00e1quina del usuario. Para copiar archivos de un contenedor, Kubernetes crea un alquitr\u00e1n dentro del contenedor, lo copia a trav\u00e9s de la red y kubectl lo descomprime en la m\u00e1quina del usuario. Si el binario tar en el contenedor es malicioso, podr\u00eda ejecutar cualquier c\u00f3digo y generar resultados inesperados y maliciosos. Un atacante podr\u00eda usar esto para escribir archivos en cualquier ruta en la m\u00e1quina del usuario cuando se llama a kubectl cp, limitado solo por los permisos del sistema del usuario local. La funci\u00f3n untar puede crear y seguir enlaces simb\u00f3licos. El problema se resuelve en kubectl v1.11.9, v1.12.7, v1.13.5 y v1.14.0."
}
],
"id": "CVE-2019-1002101",
"lastModified": "2024-11-21T04:17:42.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "josh@bress.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-01T14:29:00.640",
"references": [
{
"source": "josh@bress.net",
"url": "http://www.openwall.com/lists/oss-security/2019/06/21/1"
},
{
"source": "josh@bress.net",
"url": "http://www.openwall.com/lists/oss-security/2019/08/05/5"
},
{
"source": "josh@bress.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107652"
},
{
"source": "josh@bress.net",
"url": "https://access.redhat.com/errata/RHBA-2019:0619"
},
{
"source": "josh@bress.net",
"url": "https://access.redhat.com/errata/RHBA-2019:0620"
},
{
"source": "josh@bress.net",
"url": "https://access.redhat.com/errata/RHBA-2019:0636"
},
{
"source": "josh@bress.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/pull/75037"
},
{
"source": "josh@bress.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ/"
},
{
"source": "josh@bress.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/"
},
{
"source": "josh@bress.net",
"url": "https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/"
},
{
"source": "nvd@nist.gov",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2019-1002101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/06/21/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/08/05/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107652"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHBA-2019:0619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHBA-2019:0620"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHBA-2019:0636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/pull/75037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/"
}
],
"sourceIdentifier": "josh@bress.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-20 17:15
Modified
2024-11-21 05:55
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
8.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/104980 | Mitigation, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s | Mailing List, Mitigation | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20211008-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/104980 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s | Mailing List, Mitigation | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211008-0006/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "294F8F39-19EC-48D3-8013-C35B7E3076B5",
"versionEndIncluding": "1.19.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "816775F6-5488-47BB-8080-DF5D12D14C69",
"versionEndIncluding": "1.20.10",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A62C3A55-B83B-42E1-B6B1-E7395D2DB930",
"versionEndIncluding": "1.21.4",
"versionStartIncluding": "1.21.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6683F913-E546-4C97-A5E7-09FB6FDB0D37",
"versionEndIncluding": "1.22.1",
"versionStartIncluding": "1.22.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where a user may be able to create a container with subpath volume mounts to access files \u0026 directories outside of the volume, including on the host filesystem."
},
{
"lang": "es",
"value": "Se ha detectado un problema de seguridad en Kubernetes en el que un usuario puede ser capaz de crear un contenedor con montajes de volumen de sub-ruta para acceder a archivos y directorios fuera del volumen, incluso en el sistema de archivos del host"
}
],
"id": "CVE-2021-25741",
"lastModified": "2024-11-21T05:55:19.723",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-20T17:15:08.343",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/104980"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Mitigation"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211008-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/104980"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/nyfdhK24H7s"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211008-0006/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-552"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-29 01:15
Modified
2024-11-21 04:20
Severity ?
Summary
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.12.11 | |
| redhat | openshift_container_platform | 3.9 | |
| redhat | openshift_container_platform | 3.10 | |
| redhat | openshift_container_platform | 3.11 | |
| redhat | openshift_container_platform | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABCFC052-EAAD-4964-8B50-1D8A04A73D75",
"versionEndIncluding": "1.12.10",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14126DA1-4F03-43D3-BD14-0BE06EC8F4E5",
"versionEndExcluding": "1.13.9",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E10D117F-F0C4-4355-98E3-BB4A401258DE",
"versionEndExcluding": "1.14.5",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BECD4DB-0E6B-4C4A-B714-F6E4724BD0F6",
"versionEndExcluding": "1.15.2",
"versionStartIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.12.11:beta0:*:*:*:*:*:*",
"matchCriteriaId": "3EAFE32A-5295-4A4B-9EC1-A1DB3CAE3DC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "309CB6F8-F178-454C-BE97-787F78647C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBCD38F-BBE8-488C-A8C3-5782F191D915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user\u2019s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user\u2019s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12."
},
{
"lang": "es",
"value": "El comando kubectl cp permite copiar archivos entre contenedores y la m\u00e1quina del usuario. Para copiar archivos de un contenedor, Kubernetes ejecuta tar dentro del contenedor para crear un archivo tar, lo copia a trav\u00e9s de la red y kubectl lo descomprime en la m\u00e1quina del usuario. Si el binario tar en el contenedor es malicioso, podr\u00eda ejecutar cualquier c\u00f3digo y generar resultados inesperados y maliciosos. Un atacante podr\u00eda usar esto para escribir archivos en cualquier ruta en la m\u00e1quina del usuario cuando se llama a kubectl cp, limitado solo por los permisos del sistema del usuario local. Las versiones afectadas de Kubernetes incluyen versiones anteriores a la versi\u00f3n 1.13.9, versiones anteriores a la versi\u00f3n 1.14.5, versiones anteriores a la versi\u00f3n 1.15.2 y versiones 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12 ."
}
],
"id": "CVE-2019-11249",
"lastModified": "2024-11-21T04:20:48.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-29T01:15:11.443",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2794"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2816"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/80984"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2794"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/80984"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-61"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-30 03:15
Modified
2024-11-21 05:55
Severity ?
5.8 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
Kube-proxy
on Windows can unintentionally forward traffic to local processes
listening on the same port (“spec.ports[*].port”) as a LoadBalancer
Service when the LoadBalancer controller
does not set the “status.loadBalancer.ingress[].ip” field. Clusters
where the LoadBalancer controller sets the
“status.loadBalancer.ingress[].ip” field are unaffected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E811D79-831A-493A-A0C8-D06442D01ADD",
"versionEndExcluding": "1.18.18",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54F99BEF-703E-43C0-846C-AB9EECE134A9",
"versionEndExcluding": "1.19.10",
"versionStartIncluding": "1.19.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E26E82C1-754C-4E81-B7BC-FB4DACE33945",
"versionEndExcluding": "1.20.6",
"versionStartIncluding": "1.20.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kube-proxy\n on Windows can unintentionally forward traffic to local processes \nlistening on the same port (\u201cspec.ports[*].port\u201d) as a LoadBalancer \nService when the LoadBalancer controller\n does not set the \u201cstatus.loadBalancer.ingress[].ip\u201d field. Clusters \nwhere the LoadBalancer controller sets the \n\u201cstatus.loadBalancer.ingress[].ip\u201d field are unaffected.\n\n"
},
{
"lang": "es",
"value": "Kube-proxy en Windows puede reenviar tr\u00e1fico involuntariamente a procesos locales que escuchan en el mismo puerto (\u201cspec.ports[*].port\u201d) que LoadBalancer Service cuando el controlador LoadBalancer no configura \u201cstatus.loadBalancer.ingress[].ip\u201d. Los cl\u00fasteres donde el controlador LoadBalancer establece el campo \"status.loadBalancer.ingress[].ip\" no se ven afectados."
}
],
"id": "CVE-2021-25736",
"lastModified": "2024-11-21T05:55:19.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.0,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-30T03:15:07.653",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/pull/99958"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ"
},
{
"source": "jordan@liggitt.net",
"url": "https://security.netapp.com/advisory/ntap-20231221-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/pull/99958"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231221-0003/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-07 22:15
Modified
2024-11-21 05:39
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/95624 | Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | Mailing List, Patch, Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20210122-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/95624 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210122-0006/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B765012B-C658-4EB8-956A-62A91142CE05",
"versionEndExcluding": "1.17.13",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67F84BBA-5FCA-4A23-BB4E-47BE92E3706A",
"versionEndExcluding": "1.18.10",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "456BD01B-44E8-4823-B220-5E109D8C377D",
"versionEndExcluding": "1.19.3",
"versionStartIncluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager\u0027s logs during provisioning of Ceph RBD persistent claims. This affects \u003c v1.19.3, \u003c v1.18.10, \u003c v1.17.13."
},
{
"lang": "es",
"value": "En los cl\u00fasteres de Kubernetes que usan Ceph RBD como aprovisionador de almacenamiento, con un nivel de registro de al menos 4, los secretos de administraci\u00f3n de Ceph RBD se pueden escribir en los registros. Esto ocurre en los registros de kube-controller-manager durante el aprovisionamiento de notificaciones persistentes de Ceph RBD. Esto afecta a versiones anteriores a v1.19.3, anteriores a v1.18.10, anteriores a v1.17.13"
}
],
"id": "CVE-2020-8566",
"lastModified": "2024-11-21T05:39:02.657",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-07T22:15:21.480",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95624"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-09-20 17:15
Modified
2024-11-21 05:39
Severity ?
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
4.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
Summary
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/104720 | Mitigation, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY | Mailing List, Mitigation | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20211014-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/104720 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY | Mailing List, Mitigation | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20211014-0002/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | 1.20.11 | |
| kubernetes | kubernetes | 1.21.5 | |
| kubernetes | kubernetes | 1.22.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.20.11:-:*:*:*:*:*:*",
"matchCriteriaId": "1E602175-D34A-44F2-88CD-C0D2C5D240EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.21.5:-:*:*:*:*:*:*",
"matchCriteriaId": "0CBB908A-7235-4F5A-AD59-9E11B77A4CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "8A1DF02D-B561-445F-8262-3A9F6762CBC3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs."
},
{
"lang": "es",
"value": "Se ha detectado un problema de seguridad en Kubernetes donde los actores que controlan las respuestas de las peticiones MutatingWebhookConfiguration o ValidatingWebhookConfiguration son capaces de redirigir las peticiones de kube-apiserver a redes privadas del apiserver. Si ese usuario puede visualizar los registros de kube-apiserver cuando el nivel de registro se establece en 10, puede visualizar las respuestas redirigidas y los encabezados en los registros"
}
],
"id": "CVE-2020-8561",
"lastModified": "2024-11-21T05:39:02.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-20T17:15:08.187",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/104720"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Mitigation"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/104720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Mitigation"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20211014-0002/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-441"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-610"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-01 14:29
Modified
2024-11-21 04:17
Severity ?
Summary
In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| redhat | openshift_container_platform | 3.10 | |
| redhat | openshift_container_platform | 3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA71853-0F00-4D01-834F-63A8B24A27AB",
"versionEndExcluding": "1.11.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "60751439-CACB-49C0-A739-BE3203292E67",
"versionEndExcluding": "1.12.6",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3041501-9145-4C0D-943F-0C1617140D23",
"versionEndExcluding": "1.13.4",
"versionStartIncluding": "1.13.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBCD38F-BBE8-488C-A8C3-5782F191D915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type \"json-patch\" (e.g. `kubectl patch --type json` or `\"Content-Type: application/json-patch+json\"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server."
},
{
"lang": "es",
"value": "En todas las versiones de Kubernetes anteriores a las v1.11.8, v1.12.6 y v1.13.4, los usuarios autorizados para realizar peticiones de parche en el servidor API de Kubernetes pueden enviar parches \"json-patch\" (p.ej., `kubectl patch --type json` o `\"Content-Type: application/json-patch+json\"`) especialmente manipulados que consumen recursos excesivos durante el procesamiento, conduciendo a una denegaci\u00f3n de servicio (DoS) en el servidor API"
}
],
"id": "CVE-2019-1002100",
"lastModified": "2024-11-21T04:17:42.613",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "josh@bress.net",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-01T14:29:00.483",
"references": [
{
"source": "josh@bress.net",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107290"
},
{
"source": "josh@bress.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1851"
},
{
"source": "josh@bress.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"source": "josh@bress.net",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/74534"
},
{
"source": "josh@bress.net",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/vmUUNkYfG9g"
},
{
"source": "josh@bress.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/107290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/74534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/vmUUNkYfG9g"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0002/"
}
],
"sourceIdentifier": "josh@bress.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 19:15
Modified
2024-11-21 07:19
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38E275C4-8711-435F-85D8-073116D467CF",
"versionEndExcluding": "1.22.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16AF218C-A7AD-4A8A-9F97-A89D1ADC6C67",
"versionEndExcluding": "1.23.14",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FD71BF6D-ABA3-4974-856B-10B9450C741F",
"versionEndExcluding": "1.24.8",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "105810A5-2E62-441A-B07B-9F8A0E774712",
"versionEndExcluding": "1.25.4",
"versionStartIncluding": "1.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server\u0027s private network."
}
],
"id": "CVE-2022-3294",
"lastModified": "2024-11-21T07:19:14.187",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T19:15:25.570",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/113757"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA"
},
{
"source": "jordan@liggitt.net",
"url": "https://security.netapp.com/advisory/ntap-20230505-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/113757"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230505-0007/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-29 01:15
Modified
2024-11-21 04:20
Severity ?
Summary
The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.12.11 | |
| redhat | openshift_container_platform | 3.9 | |
| redhat | openshift_container_platform | 3.10 | |
| redhat | openshift_container_platform | 3.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A582FE75-D84B-4C8F-B836-95FB15F68EBA",
"versionEndIncluding": "1.12.10",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14126DA1-4F03-43D3-BD14-0BE06EC8F4E5",
"versionEndExcluding": "1.13.9",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E10D117F-F0C4-4355-98E3-BB4A401258DE",
"versionEndExcluding": "1.14.5",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BECD4DB-0E6B-4C4A-B714-F6E4724BD0F6",
"versionEndExcluding": "1.15.2",
"versionStartIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.12.11:beta0:*:*:*:*:*:*",
"matchCriteriaId": "3EAFE32A-5295-4A4B-9EC1-A1DB3CAE3DC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "309CB6F8-F178-454C-BE97-787F78647C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBCD38F-BBE8-488C-A8C3-5782F191D915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12."
},
{
"lang": "es",
"value": "El kube-apiserver de Kubernetes permite por error el acceso a un recurso personalizado de \u00e1mbito de cl\u00faster si la solicitud se realiza como si el recurso estuviera con espacio de nombres. Las autorizaciones para el recurso al que se tiene acceso de esta manera se aplican mediante roles y enlaces de roles dentro del espacio de nombres, lo que significa que un usuario con acceso solo a un recurso en un espacio de nombres podr\u00eda crear, ver actualizar o eliminar el recurso de \u00e1mbito de cl\u00faster (seg\u00fan sus privilegios de rol de espacio de nombres). Las versiones afectadas de Kubernetes incluyen versiones anteriores a 1.13.9, versiones anteriores a 1.14.5, versiones anteriores a 1.15.2 y versiones 1.7, 1.8, 1.9, 1.10, 1.11, 1.12."
}
],
"id": "CVE-2019-11247",
"lastModified": "2024-11-21T04:20:47.980",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 3.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-29T01:15:11.287",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2816"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/80983"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2816"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHBA-2019:2824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:2769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/80983"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-863"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-05-24 17:15
Modified
2024-11-21 05:55
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "80257A80-0A4E-4729-A5B0-8877D843AD6E",
"versionEndIncluding": "1.21.0",
"versionStartIncluding": "1.20.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D8F5B4F6-F719-4FD3-9976-FCD65084496B",
"versionEndExcluding": "1.22.14",
"versionStartIncluding": "1.22.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA682EF7-E99C-4361-A719-D81151736468",
"versionEndExcluding": "1.23.11",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99ABC540-165A-428C-ABBB-972A4363D273",
"versionEndExcluding": "1.24.5",
"versionStartIncluding": "1.24.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true."
}
],
"id": "CVE-2021-25749",
"lastModified": "2024-11-21T05:55:20.517",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-05-24T17:15:09.413",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/qqTZgulISzA"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-08-07 17:29
Modified
2024-11-21 02:36
Severity ?
Summary
Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1291963 | Issue Tracking, Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://github.com/kubernetes/kubernetes/pull/18909 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1291963 | Issue Tracking, Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/pull/18909 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | - | |
| redhat | openshift | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C32308-314D-4E0D-B15F-6A68DF21E9F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62C4B3B6-7452-49AF-8981-737FE929FF97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image."
},
{
"lang": "es",
"value": "Kubernetes en OpenShift3 permite que atacantes remotos autenticados empleen las im\u00e1genes privadas de otros usuarios si conocen el nombre de dicha imagen."
}
],
"id": "CVE-2015-7561",
"lastModified": "2024-11-21T02:36:59.270",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-07T17:29:00.410",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291963"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/pull/18909"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1291963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/pull/18909"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-29 01:15
Modified
2024-11-21 04:20
Severity ?
Summary
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.15.3 | |
| kubernetes | kubernetes | 1.15.4 | |
| kubernetes | kubernetes | 1.16.0 | |
| kubernetes | kubernetes | 1.16.0 | |
| kubernetes | kubernetes | 1.16.0 | |
| kubernetes | kubernetes | 1.16.0 | |
| kubernetes | kubernetes | 1.16.0 | |
| redhat | openshift_container_platform | 3.11 | |
| redhat | openshift_container_platform | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "470C9C75-4582-4D15-8B34-07889BF9C24F",
"versionEndExcluding": "1.15.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.3:-:*:*:*:*:*:*",
"matchCriteriaId": "6281DC26-9400-481C-9C6E-8A28F63B0E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.4:beta0:*:*:*:*:*:*",
"matchCriteriaId": "E39F27C0-6ED8-4E02-A659-6BF62152614D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.16.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "07455E9D-4A96-461E-A570-F759E5962A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.16.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "F8A6A1E7-D383-46F6-BB5A-1EF060EF3528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.16.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "30E428E5-411E-4E97-99AB-AC2E92BF1800",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.16.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "C584B1E1-C5EE-4FBF-87A8-C8D57E899E49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.16.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "853095C6-7832-4542-A6C5-8074AC5C217F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected."
},
{
"lang": "es",
"value": "La biblioteca de servicio de cliente de Kubernetes registra los encabezados de solicitud en niveles de detalle de 7 o superior. Esto puede revelar las credenciales a los usuarios no autorizados a trav\u00e9s de los registros o la salida del comando. Los componentes de Kubernetes (como kube-apiserver) anteriores a v1.16.0, que utilizan la autenticaci\u00f3n de token b\u00e1sica o portadora y se ejecutan en niveles de detalle elevados, se ven afectados."
}
],
"id": "CVE-2019-11250",
"lastModified": "2024-11-21T04:20:48.343",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-29T01:15:11.523",
"references": [
{
"source": "jordan@liggitt.net",
"url": "http://www.openwall.com/lists/oss-security/2020/10/16/2"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4052"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4087"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/81114"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2020/10/16/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/81114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-03-01 19:15
Modified
2024-11-21 07:18
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/113756 | Issue Tracking, Vendor Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA | Mailing List, Vendor Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20230511-0004/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/113756 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230511-0004/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1780A92B-C6FB-410B-8374-88D1D296816A",
"versionEndIncluding": "1.22.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A09EA928-A8A1-4CEC-A16F-AD65BD31A9D4",
"versionEndIncluding": "1.23.13",
"versionStartIncluding": "1.23.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDE00AE9-4CCC-49AA-B5D4-80A6FAE0FCB1",
"versionEndIncluding": "1.24.7",
"versionStartIncluding": "1.24.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A01548FA-CE9A-4ACB-8AC5-C85F16BC134B",
"versionEndIncluding": "1.25.3",
"versionStartIncluding": "1.25.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Users authorized to list or watch one type of namespaced custom resource cluster-wide can read custom resources of a different type in the same API group without authorization. Clusters are impacted by this vulnerability if all of the following are true: 1. There are 2+ CustomResourceDefinitions sharing the same API group 2. Users have cluster-wide list or watch authorization on one of those custom resources. 3. The same users are not authorized to read another custom resource in the same API group."
}
],
"id": "CVE-2022-3162",
"lastModified": "2024-11-21T07:18:57.453",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-01T19:15:25.457",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/113756"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA"
},
{
"source": "jordan@liggitt.net",
"url": "https://security.netapp.com/advisory/ntap-20230511-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/113756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iUd550j7kjA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20230511-0004/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-23 15:15
Modified
2024-11-21 04:20
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/pull/88684 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/pull/88684 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "878A4225-E52D-4F15-B997-2663E870FB92",
"versionEndIncluding": "1.17.0",
"versionStartIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes."
},
{
"lang": "es",
"value": "El Kubernetes kube-controller-manager en versiones v1.0-v1.17, es vulnerable a una filtraci\u00f3n de credenciales por medio de mensajes de error en registros de fallo de montaje y eventos para vol\u00famenes de AzureFile y CephFS"
}
],
"id": "CVE-2019-11252",
"lastModified": "2024-11-21T04:20:48.583",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-23T15:15:11.930",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/pull/88684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/pull/88684"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-209"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-11-14 21:15
Modified
2025-01-03 19:42
Severity ?
7.2 (High) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| microsoft | windows | - | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "25FFBC6E-DCE9-4596-8ABE-AC6B6564AA40",
"versionEndExcluding": "1.25.16",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28E3CB24-4305-4E08-AD34-D29AE795FA4A",
"versionEndExcluding": "1.26.11",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "45E6B088-8FC7-476A-A661-A9402F857C4A",
"versionEndExcluding": "1.27.8",
"versionStartIncluding": "1.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C9231AD-C3B9-4531-9052-0317AA506B0B",
"versionEndExcluding": "1.28.4",
"versionStartIncluding": "1.28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de seguridad en Kubernetes donde un usuario que puede crear pods y vol\u00famenes persistentes en nodos de Windows puede escalar a privilegios de administrador en esos nodos. Los cl\u00fasteres de Kubernetes solo se ven afectados si utilizan un complemento de almacenamiento en \u00e1rbol para nodos de Windows."
}
],
"id": "CVE-2023-5528",
"lastModified": "2025-01-03T19:42:12.633",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-14T21:15:14.123",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/kubernetes/kubernetes/issues/121879"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/kubernetes/kubernetes/issues/121879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JH444PWZBINXLLFV7XLIJIZJHSK6UEZ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4XZIX727JIKF5RQW7RVVBLWXBCDIBJA7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Release Notes"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MPGMITSZXUCAVO7Q75675SOLXC2XXU4/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20240119-0009/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-12-05 21:29
Modified
2024-11-21 03:40
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.9.12 | |
| redhat | openshift_container_platform | 3.2 | |
| redhat | openshift_container_platform | 3.3 | |
| redhat | openshift_container_platform | 3.4 | |
| redhat | openshift_container_platform | 3.5 | |
| redhat | openshift_container_platform | 3.6 | |
| redhat | openshift_container_platform | 3.8 | |
| redhat | openshift_container_platform | 3.10 | |
| redhat | openshift_container_platform | 3.11 | |
| netapp | trident | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "389826D3-C28B-4EA5-8398-307B06A09A65",
"versionEndIncluding": "1.9.11",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A71A5EC9-75B0-43DE-B77D-B560D350E99D",
"versionEndIncluding": "1.10.10",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "96DEFC7F-6DBC-43C0-AF50-4B8B89A4634D",
"versionEndIncluding": "1.11.4",
"versionStartIncluding": "1.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08512A98-DAED-4C31-8B23-A5DF260EA78B",
"versionEndIncluding": "1.12.2",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.9.12:beta0:*:*:*:*:*:*",
"matchCriteriaId": "B4C657CF-5878-465A-BEC7-2718AB267C77",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C10044B3-FBB1-4031-9060-D3A2915B164C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA3ADA26-2B9E-4ABA-A224-910BD75CCE00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "67E80045-56E4-4A83-8168-CFED5E55CE45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E792B5DC-CCD2-4A50-B72F-860A3BFAF165",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B75DC91F-0D25-42F9-8B7B-3ECCE6AB8174",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E50A070E-96A9-45D7-B155-00243D17F7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4DBCD38F-BBE8-488C-A8C3-5782F191D915",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D9A34F5-AC03-4098-A37D-AD50727DDB11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server\u0027s TLS credentials used to establish the backend connection."
},
{
"lang": "es",
"value": "En todas las versiones de Kubernetes anteriores a la v1.10.11, v1.11.5 y la v1.12.3, el manejo incorrecto de las respuestas de error a las peticiones de actualizaci\u00f3n en el proxy en kube-apiserver permit\u00edan que las peticiones especialmente manipuladas estableciesen una conexi\u00f3n mediante el servidor de la API de Kubernetes a los servidores del backend y enviasen peticiones arbitrarias en la misma conexi\u00f3n directamente al backend, autenticadas con las credenciales TLS del servidor de la API de Kubernetes empleadas para establecer la conexi\u00f3n con el backend."
}
],
"id": "CVE-2018-1002105",
"lastModified": "2024-11-21T03:40:38.970",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-12-05T21:29:00.403",
"references": [
{
"source": "jordan@liggitt.net",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
},
{
"source": "jordan@liggitt.net",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "jordan@liggitt.net",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"source": "jordan@liggitt.net",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106068"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3537"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3549"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3551"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3598"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3624"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3742"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3752"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3754"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/evict/poc_CVE-2018-1002105"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/71411"
},
{
"source": "jordan@liggitt.net",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46052/"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46053/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3598"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3624"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3742"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3752"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/evict/poc_CVE-2018-1002105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/71411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46052/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/46053/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-388"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-03-13 17:29
Modified
2024-11-21 03:04
Severity ?
7.1 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
5.6 (Medium) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
5.6 (Medium) - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
Summary
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://access.redhat.com/errata/RHSA-2018:0475 | Third Party Advisory | |
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/60814 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:0475 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/60814 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "85841C2A-31F1-4725-BE9D-0E346D133CC9",
"versionEndIncluding": "1.3.10",
"versionStartIncluding": "1.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3CE7BB45-879A-48CE-BE8B-463CB97B8ABA",
"versionEndIncluding": "1.4.12",
"versionStartIncluding": "1.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0990DE9E-F42A-42E5-9589-ACFCD79950E5",
"versionEndIncluding": "1.5.8",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "520D312F-37C8-4604-B4C3-D9DB8317CF9F",
"versionEndIncluding": "1.6.13",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F39F83C4-3CC3-4681-8363-0986209D4E2B",
"versionEndExcluding": "1.7.14",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE0979F-ED58-43D8-9E3B-7261B1782DD2",
"versionEndExcluding": "1.8.9",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E4818E0C-B0ED-424F-AD73-B87777FD9D9E",
"versionEndExcluding": "1.9.4",
"versionStartIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running."
},
{
"lang": "es",
"value": "En Kubernetes, en versiones 1.3.x, 1.4.x, 1.5.x, 1.6.x y en versiones anteriores a la 1.7.14, 1.8.9 y 1.9.4, los contenedores que emplean un volumen secreto, configMap, proyectado o downwardAPI pueden desencadenar la eliminaci\u00f3n de archivos/directorios arbitrarios de los nodos en los que se est\u00e1n ejecutando."
}
],
"id": "CVE-2017-1002102",
"lastModified": "2024-11-21T03:04:58.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.3,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.1,
"impactScore": 4.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-03-13T17:29:00.280",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0475"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/60814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0475"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/60814"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-02 18:30
Modified
2024-11-21 04:52
Severity ?
Summary
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cncf | portmap | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.13.6 | |
| kubernetes | kubernetes | 1.14.0 | |
| kubernetes | kubernetes | 1.14.0 | |
| kubernetes | kubernetes | 1.14.0 | |
| kubernetes | kubernetes | 1.14.0 | |
| kubernetes | kubernetes | 1.14.0 | |
| kubernetes | kubernetes | 1.14.0 | |
| kubernetes | kubernetes | 1.14.0 | |
| kubernetes | kubernetes | 1.14.0 | |
| netapp | cloud_insights | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cncf:portmap:*:*:*:*:*:container_networking_interface:*:*",
"matchCriteriaId": "AAC9C18B-C6AB-43D0-8BD9-ACC4158DF9FD",
"versionEndExcluding": "0.7.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ADC981F6-485E-4804-8BA2-640DA55FE1D9",
"versionEndExcluding": "1.11.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DDF6BA38-1A7C-46AB-A404-06ABB3ADFFC7",
"versionEndExcluding": "1.12.7",
"versionStartIncluding": "1.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "147CD8D3-60A8-4314-AD92-670CB330F85C",
"versionEndExcluding": "1.13.5",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.6:beta0:*:*:*:*:*:*",
"matchCriteriaId": "4CC774DD-08F0-4AC4-A0A9-67F86A7ED2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "34A6AC2D-82C4-4E1F-8D9A-159E31A4F790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "002991E8-6CC8-4F58-89B3-0B1AF2447DD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "9EA02FED-0377-4E4B-A86F-EE44F0E27360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "1496A02B-29F5-4DD5-B9FE-B39C5B77E8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "59D7C9A1-A467-46A5-A03E-A04BD35287C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "41BF2E7F-E6DB-4ED0-B943-247B4F592C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF0406C1-854E-4B4D-AC1E-7DE304356030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "300E9B49-446B-406C-B219-360BD97D6EC1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:cloud_insights:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26FCA75B-4282-4E0F-95B4-640A82C8E91C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI \u0027portmap\u0027 plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0."
},
{
"lang": "es",
"value": "La interfaz de red del contenedor (CNI) de Cloud Native Computing Foundation (CNCF), en su versi\u00f3n 0.7.4, tiene una configuraci\u00f3n incorrecta en el firewall de red que afecta a Kubernetes. El plugin \"portmat\" de la CNI, utilizado para configurar los puertos de host para la CNI, introduce reglas al frente de las cadenas de iptables NAT. Esto tiene la precedencia sobre la cadena KUBE- SERVICES. Debido a esto, la regla HostPort/portmap podr\u00eda coincidir con el tr\u00e1fico entrante aunque hubiera un ajuste mejor y reglas de definici\u00f3n del servicio m\u00e1s espec\u00edficas como NodePorts m\u00e1s adelante en la cadena. Este problema est\u00e1 resuelto en la versi\u00f3n 0.7.5 de CNI y en las versiones 1.11.9, 1.12.7, 1.13.5 y 1.14.0 de Kubernetes."
}
],
"id": "CVE-2019-9946",
"lastModified": "2024-11-21T04:52:38.937",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-02T18:30:26.583",
"references": [
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHBA-2019:0862"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCN66VYB3XS76SYH567SO7N3I254JOCT/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGOOWAELGH3F7OXRBPH3HCNZELNLXYTW/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHBA-2019:0862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCN66VYB3XS76SYH567SO7N3I254JOCT/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGOOWAELGH3F7OXRBPH3HCNZELNLXYTW/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190416-0002/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-670"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-03-27 15:15
Modified
2024-11-21 05:39
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| fedoraproject | fedora | 32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07761E41-21F4-466F-A602-4DC9BD1257CE",
"versionEndIncluding": "1.15.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02C07F21-ECB7-4BD2-85AF-C2BB24F175FF",
"versionEndIncluding": "1.16.6",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0FF258-1EFA-4FF0-84C7-B2976BD70BD3",
"versionEndIncluding": "1.17.2",
"versionStartIncluding": "1.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests."
},
{
"lang": "es",
"value": "Se detect\u00f3 que el componente servidor de la API Kubernetes en versiones anteriores a 1.15.9, versiones 1.16.0-1.16.6 y versiones 1.17.0-1.17.2, es vulnerable a un ataque de denegaci\u00f3n de servicio versiones por medio de unas peticiones de la API con \u00e9xito."
}
],
"id": "CVE-2020-8552",
"lastModified": "2024-11-21T05:39:01.123",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-03-27T15:15:12.757",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89378"
},
{
"source": "jordan@liggitt.net",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"
},
{
"source": "jordan@liggitt.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-789"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-04-22 15:29
Modified
2024-11-21 04:20
Severity ?
Summary
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| netapp | trident | - | |
| redhat | openshift_container_platform | 3.11 | |
| redhat | openshift_container_platform | 4.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A57F3AC4-5E09-4C16-91A7-80D54F8F968C",
"versionEndIncluding": "1.14.1",
"versionStartIncluding": "1.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:trident:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D9A34F5-AC03-4098-A37D-AD50727DDB11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation."
},
{
"lang": "es",
"value": "En Kubernetes versi\u00f3n 1.8.x hasta versi\u00f3n 1.14.x, el componente kubectl almacena en cach\u00e9 la informaci\u00f3n del esquema en la ubicaci\u00f3n especificada por --cache-dir (defaulting to $HOME/.kube/http-cache), escrita con permisos world-writeable (rw-rw-rw-). Si se especifica --cache-dir y se apunta a una ubicaci\u00f3n distinta accesible para otros usuarios o grupos, los archivos escritos pueden ser modificados por otros usuarios o grupos e interrumpir la invocaci\u00f3n de Kubectl."
}
],
"id": "CVE-2019-11244",
"lastModified": "2024-11-21T04:20:47.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 2.5,
"source": "jordan@liggitt.net",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-22T15:29:00.837",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108064"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3942"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0020"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0074"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/76676"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/108064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3942"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/76676"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190509-0002/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-524"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-29 01:15
Modified
2024-11-21 04:20
Severity ?
Summary
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.12.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ABCFC052-EAAD-4964-8B50-1D8A04A73D75",
"versionEndIncluding": "1.12.10",
"versionStartIncluding": "1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14126DA1-4F03-43D3-BD14-0BE06EC8F4E5",
"versionEndExcluding": "1.13.9",
"versionStartIncluding": "1.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E10D117F-F0C4-4355-98E3-BB4A401258DE",
"versionEndExcluding": "1.14.5",
"versionStartIncluding": "1.14.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2BECD4DB-0E6B-4C4A-B714-F6E4724BD0F6",
"versionEndExcluding": "1.15.2",
"versionStartIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.12.11:beta0:*:*:*:*:*:*",
"matchCriteriaId": "3EAFE32A-5295-4A4B-9EC1-A1DB3CAE3DC8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user\u2019s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user\u2019s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11."
},
{
"lang": "es",
"value": "El comando kubectl cp permite copiar archivos entre contenedores y la m\u00e1quina del usuario. Para copiar archivos de un contenedor, Kubernetes ejecuta tar dentro del contenedor para crear un archivo tar, lo copia a trav\u00e9s de la red y kubectl lo descomprime en la m\u00e1quina del usuario. Si el binario tar en el contenedor es malicioso, podr\u00eda ejecutar cualquier c\u00f3digo y generar resultados inesperados y maliciosos. Un atacante podr\u00eda usar esto para escribir archivos en cualquier ruta en la m\u00e1quina del usuario cuando se llama a kubectl cp, limitado solo por los permisos del sistema del usuario local. Las versiones afectadas de Kubernetes incluyen versiones anteriores a la versi\u00f3n 1.12.9, versiones anteriores a la versi\u00f3n 1.13.6, versiones anteriores a la versi\u00f3n 1.14.2 y versiones 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11."
}
],
"id": "CVE-2019-11246",
"lastModified": "2024-11-21T04:20:47.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "jordan@liggitt.net",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-29T01:15:11.227",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/pull/76788"
},
{
"source": "jordan@liggitt.net",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/NLs2TGbfPdo"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/pull/76788"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://groups.google.com/forum/#%21topic/kubernetes-security-announce/NLs2TGbfPdo"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-61"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-29 01:15
Modified
2024-11-21 04:20
Severity ?
Summary
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/81023 | Patch, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ | Mailing List, Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20190919-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/81023 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190919-0003/ | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF491B76-31AF-401F-BDCA-2B825BD00B18",
"versionEndExcluding": "1.12.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "46561812-D492-4752-B461-726CB59ACF20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "23A873E8-B8AA-4F44-B7D5-25F4C40CCA91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "F708C4D8-12E6-4CBC-8ECD-A5F0F5EFDA39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "CA9EC2A9-1C77-4701-8F93-8000FF716AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "2CBA108A-AE8C-4C6D-AEDC-22B628FAC588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "F82D886D-F427-45D1-B39B-51D7C1945AAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "52E0AE58-9B46-4404-B83E-41A0AD5A4CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "579E840C-9FE1-4843-B93F-16D64D19A4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "4A0A3812-0619-4D6C-8192-96BDE9DBC809",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "14AD34AC-D1CB-4E37-B570-C902F6033D30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F69FEB72-F836-4AE3-99BB-3237A9011089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.1:beta0:*:*:*:*:*:*",
"matchCriteriaId": "2BD120EE-6A09-46FC-B6EB-40CD44B54450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.2:-:*:*:*:*:*:*",
"matchCriteriaId": "ED1F6346-9C0B-4916-9FEF-9CFB1A19F977",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.2:beta0:*:*:*:*:*:*",
"matchCriteriaId": "06674061-F269-4176-8A4B-6FF9D3E8A5B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.3:-:*:*:*:*:*:*",
"matchCriteriaId": "FEEE7CFF-9B3E-4B76-AFF6-18626060F46B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.3:beta0:*:*:*:*:*:*",
"matchCriteriaId": "028EB2D3-3490-4D12-B2E4-C330B015F0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.4:-:*:*:*:*:*:*",
"matchCriteriaId": "1B34DB5C-F1C0-42E3-A3E8-300C2E87FE04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.4:beta0:*:*:*:*:*:*",
"matchCriteriaId": "471B216A-3B92-4033-8E06-8523EA167132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.5:-:*:*:*:*:*:*",
"matchCriteriaId": "A1E81600-D293-4B9B-BDB6-4057308A7876",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.5:beta0:*:*:*:*:*:*",
"matchCriteriaId": "59EA6211-D671-42EC-BEAE-698CB47FD529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.6:-:*:*:*:*:*:*",
"matchCriteriaId": "4DA1071A-7489-45B5-875C-D3F8401BC726",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.6:beta0:*:*:*:*:*:*",
"matchCriteriaId": "4CC774DD-08F0-4AC4-A0A9-67F86A7ED2E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.7:-:*:*:*:*:*:*",
"matchCriteriaId": "BAE36DCA-CBFD-4536-9760-5B6BEF1FFDAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.7:beta.0:*:*:*:*:*:*",
"matchCriteriaId": "AE75E512-849E-4153-A469-EB271DB58F2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.8:beta.0:*:*:*:*:*:*",
"matchCriteriaId": "4CEF4BDF-5189-4FD9-8037-DD15E147F611",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "428B51D5-37DA-4C4D-A4BF-09F8CAB04A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "34A6AC2D-82C4-4E1F-8D9A-159E31A4F790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "002991E8-6CC8-4F58-89B3-0B1AF2447DD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "9EA02FED-0377-4E4B-A86F-EE44F0E27360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "1496A02B-29F5-4DD5-B9FE-B39C5B77E8CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "59D7C9A1-A467-46A5-A03E-A04BD35287C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "41BF2E7F-E6DB-4ED0-B943-247B4F592C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "EF0406C1-854E-4B4D-AC1E-7DE304356030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "300E9B49-446B-406C-B219-360BD97D6EC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.1:-:*:*:*:*:*:*",
"matchCriteriaId": "3AEA05A4-1B15-4E86-AD77-9D0BC1822AC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.1:beta0:*:*:*:*:*:*",
"matchCriteriaId": "FD7A10F0-A32E-4B56-8706-F09CE7914557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.2:-:*:*:*:*:*:*",
"matchCriteriaId": "149679C2-2A81-4783-8CFD-13DC0FD5BE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.2:beta0:*:*:*:*:*:*",
"matchCriteriaId": "EB97EBDA-CC98-4D92-B3F9-1BFBB21898B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.3:-:*:*:*:*:*:*",
"matchCriteriaId": "3CBB6E83-04DF-4B19-B638-F1F3183BE8C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.3:beta0:*:*:*:*:*:*",
"matchCriteriaId": "C6EB704F-AA52-4308-9451-9700EAB596F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.4:beta.0:*:*:*:*:*:*",
"matchCriteriaId": "D72214C5-AA44-4937-A42A-C2FD1E0EF7D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "B87B49B8-1441-45B6-9A72-E3C5A278883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "5A14876D-D0FA-4883-AEC6-28E29F5E3CA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:alpha2:*:*:*:*:*:*",
"matchCriteriaId": "401E0997-C67F-471C-B596-92B9773A3AEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:alpha3:*:*:*:*:*:*",
"matchCriteriaId": "BF1B7B10-AC15-4022-BDC9-71CF82130E3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:beta0:*:*:*:*:*:*",
"matchCriteriaId": "550C5D3B-2C70-4411-A54D-3D07EAEFD7E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "FE430085-EA45-43B6-8AF2-30AD462D0F69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "5652A16C-F032-4FC0-BFEC-04768D259470",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.15.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "874991D0-5C48-4D10-B2E4-51D6BE2298E4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet\u0027s healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration."
},
{
"lang": "es",
"value": "El extremo de depuraci\u00f3n /debug/pprof se expone a trav\u00e9s del puerto de salud de Kubelet no autenticado. El punto final del pprof go se expone sobre el puerto healthz del Kubelet. Este extremo de depuraci\u00f3n puede filtrar informaci\u00f3n confidencial, como las direcciones internas de memoria y la configuraci\u00f3n de Kubelet, o por una denegaci\u00f3n de servicio limitada. Las versiones anteriores a 1.15.0, 1.14.4, 1.13.8 y 1.12.10 se ven afectadas. El problema es de gravedad media, pero no expuesto por la configuraci\u00f3n predeterminada."
}
],
"id": "CVE-2019-11248",
"lastModified": "2024-11-21T04:20:48.100",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "jordan@liggitt.net",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-29T01:15:11.367",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/81023"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/81023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-419"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-06-02 01:29
Modified
2024-11-21 03:40
Severity ?
4.2 (Medium) - CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://bugzilla.redhat.com/show_bug.cgi?id=1564305 | Issue Tracking, Third Party Advisory | |
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/61297 | Third Party Advisory | |
| jordan@liggitt.net | https://hansmi.ch/articles/2018-04-openshift-s2i-security | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1564305 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/61297 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://hansmi.ch/articles/2018-04-openshift-s2i-security | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D09DA9DD-99CC-48B5-B815-416A38E683E3",
"versionEndIncluding": "1.5.9",
"versionStartIncluding": "1.5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A9965DAB-0F22-489E-BC47-078B728CA68D",
"versionEndIncluding": "1.6.14",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B2B878A-080A-4F6F-8084-547E753715FE",
"versionEndIncluding": "1.7.17",
"versionStartIncluding": "1.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B425895F-FB77-4688-8B97-FA0765CD251D",
"versionEndIncluding": "1.8.15",
"versionStartIncluding": "1.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C8849BC1-DCAC-49D6-815B-2E25AB10A2D8",
"versionEndIncluding": "1.9.5",
"versionStartIncluding": "1.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes versions 1.5.x, 1.6.x, 1.7.x, 1.8.x, and prior to version 1.9.6, the kubectl cp command insecurely handles tar data returned from the container, and can be caused to overwrite arbitrary local files."
},
{
"lang": "es",
"value": "En las versiones 1.5.x, 1.6.x, 1.7.x, 1.8.x y anteriores a la versi\u00f3n 1.9.6 de Kubernetes, el comando kubectl cp gestiona de forma insegura los datos tar devueltos del contenedor, lo que puede sobrescribir archivos locales arbitrarios."
}
],
"id": "CVE-2018-1002100",
"lastModified": "2024-11-21T03:40:38.253",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-02T01:29:02.110",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/61297"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://hansmi.ch/articles/2018-04-openshift-s2i-security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/61297"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://hansmi.ch/articles/2018-04-openshift-s2i-security"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-22 14:15
Modified
2024-11-21 05:39
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/92914 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ | Exploit, Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20200810-0004/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/92914 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200810-0004/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43222A9D-6D48-490F-8120-349DCE1C1218",
"versionEndIncluding": "1.15.0",
"versionStartIncluding": "1.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1EA8C5-2EF4-4462-B693-FE20B3DF75C6",
"versionEndExcluding": "1.16.13",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1FA454-87A3-480C-BB5E-A23086E2EA99",
"versionEndExcluding": "1.17.9",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4009BA-8220-4B8E-8B4B-1ADA1680DD70",
"versionEndExcluding": "1.18.6",
"versionStartIncluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise."
},
{
"lang": "es",
"value": "El Kubernetes kube-apiserver en versiones v1.6-v1.15 y versiones anteriores a v1.16.13, v1.17.9 y v1.18.6, son vulnerables a un redireccionamiento no validado en las peticiones de actualizaci\u00f3n proxy que podr\u00edan permitir a un atacante escalar privilegios desde un compromiso de nodo a un compromiso del cl\u00faster completo"
}
],
"id": "CVE-2020-8559",
"lastModified": "2024-11-21T05:39:01.920",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-22T14:15:16.517",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/92914"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200810-0004/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/92914"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200810-0004/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-07 22:15
Modified
2024-11-21 05:39
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/95621 | Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | Mailing List, Patch, Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20210122-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/95621 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210122-0006/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "515661A5-8AFF-45B7-932C-3B5CD32945F0",
"versionEndExcluding": "1.19.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager\u0027s log. This affects \u003c v1.19.3."
},
{
"lang": "es",
"value": "En los cl\u00fasteres de Kubernetes que utilizan VSphere como proveedor de nube, con un nivel de registro establecido en 4 o superior, las credenciales de la nube de VSphere se filtrar\u00e1n en el registro del administrador del controlador de nube. Esto afecta a versiones anteriores a v1.19.3"
}
],
"id": "CVE-2020-8563",
"lastModified": "2024-11-21T05:39:02.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-07T22:15:21.197",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95621"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95621"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-31 21:15
Modified
2024-11-21 08:17
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A security issue was discovered in Kubernetes where a user
that can create pods on Windows nodes may be able to escalate to admin
privileges on those nodes. Kubernetes clusters are only affected if they
include Windows nodes.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/119339 | Exploit, Mitigation, Patch, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc | Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20231130-0007/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/119339 | Exploit, Mitigation, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20231130-0007/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| microsoft | windows | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FF4C81ED-BB69-490B-BABA-89C2501A5E6D",
"versionEndExcluding": "1.24.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "86AE4580-37A1-4E7B-9B7A-A30316676065",
"versionEndExcluding": "1.25.13",
"versionStartIncluding": "1.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99BCE3D9-3EFA-4358-B36E-47954DBE28D4",
"versionEndExcluding": "1.26.8",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3F30AD24-3FA9-4FA8-BCD5-5351EA357B49",
"versionEndExcluding": "1.27.5",
"versionStartIncluding": "1.27.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FAE518-D5F9-4A7D-A703-1D36EA8A563C",
"versionEndExcluding": "1.28.1",
"versionStartIncluding": "1.28.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where a user\n that can create pods on Windows nodes may be able to escalate to admin \nprivileges on those nodes. Kubernetes clusters are only affected if they\n include Windows nodes.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema de seguridad en Kubernetes donde un usuario que pueda crear pods en nodos de Windows puede escalar a privilegios de administrador en esos nodos. Los cl\u00fasteres de Kubernetes solo se ven afectados si incluyen nodos de Windows."
}
],
"id": "CVE-2023-3676",
"lastModified": "2024-11-21T08:17:48.880",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-10-31T21:15:08.550",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119339"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc"
},
{
"source": "jordan@liggitt.net",
"url": "https://security.netapp.com/advisory/ntap-20231130-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/119339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/d_fvHZ9a5zc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20231130-0007/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-12-05 16:15
Modified
2024-11-21 03:40
Severity ?
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
2.6 (Low) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N
Summary
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | 1.14.0 | |
| kubernetes | kubernetes | 1.14.0 | |
| fedoraproject | fedora | 31 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1774C3E1-5BE8-4DC0-8A61-39B183C36F96",
"versionEndIncluding": "1.13.13",
"versionStartIncluding": "1.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha0:*:*:*:*:*:*",
"matchCriteriaId": "34A6AC2D-82C4-4E1F-8D9A-159E31A4F790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "002991E8-6CC8-4F58-89B3-0B1AF2447DD5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet."
},
{
"lang": "es",
"value": "Una comprobaci\u00f3n inapropiada de un redireccionamiento de URL en el servidor Kubernetes API en versiones anteriores a v1.14.0, permite que un Kubelet controlado por el atacante redireccione las peticiones del servidor API desde endpoints de transmisi\u00f3n hacia hosts arbitrarios. Los servidores API impactados seguir\u00e1n el redireccionamiento como una petici\u00f3n GET con credenciales de certificado del cliente para autenticarse en el Kubelet."
}
],
"id": "CVE-2018-1002102",
"lastModified": "2024-11-21T03:40:38.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-12-05T16:15:10.427",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/85867"
},
{
"source": "jordan@liggitt.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q56CULSH7F7BC4NPS67ZS23ZCLL5TIVK/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/85867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q56CULSH7F7BC4NPS67ZS23ZCLL5TIVK/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-601"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-04-01 21:15
Modified
2024-11-21 04:20
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/89535 | Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ | Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20200413-0003/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/89535 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200413-0003/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87849953-B423-4E3B-A977-A62A88B40037",
"versionEndExcluding": "1.15.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D26FF8F-C943-41DE-A97D-89E8C7AB6348",
"versionEndExcluding": "1.16.7",
"versionStartIncluding": "1.16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "95F48D52-C95F-4BBE-87C3-476F8058A37E",
"versionEndExcluding": "1.17.3",
"versionStartIncluding": "1.17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML."
},
{
"lang": "es",
"value": "El componente Kubernetes API Server en versiones 1.1-1.14 y versiones anteriores a 1.15.10, 1.16.7 y 1.17.3, permite a un usuario autorizado que env\u00eda cargas maliciosas de YAML causar que el kube-apiserver consuma ciclos de CPU excesivos mientras analiza YAML."
}
],
"id": "CVE-2019-11254",
"lastModified": "2024-11-21T04:20:48.840",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-01T21:15:13.397",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89535"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/89535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200413-0003/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1050"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-12-07 22:15
Modified
2024-11-21 05:39
Severity ?
4.7 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/95622 | Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | Mailing List, Patch, Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20210122-0006/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/95622 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | Mailing List, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210122-0006/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B765012B-C658-4EB8-956A-62A91142CE05",
"versionEndExcluding": "1.17.13",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67F84BBA-5FCA-4A23-BB4E-47BE92E3706A",
"versionEndExcluding": "1.18.10",
"versionStartIncluding": "1.18.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "456BD01B-44E8-4823-B220-5E109D8C377D",
"versionEndExcluding": "1.19.3",
"versionStartIncluding": "1.19.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects \u003c v1.19.3, \u003c v1.18.10, \u003c v1.17.13."
},
{
"lang": "es",
"value": "En los cl\u00fasteres de Kubernetes que usan un nivel de registro de al menos 4, el procesamiento de un archivo de configuraci\u00f3n de docker malformado dar\u00e1 como resultado la filtraci\u00f3n del contenido del archivo de configuraci\u00f3n de docker, que puede incluir secretos de extracci\u00f3n u otras credenciales de registro. Esto afecta versiones anteriores a v1.19.3, versiones anteriores a v1.18.10, versiones anteriores a v1.17.13"
}
],
"id": "CVE-2020-8564",
"lastModified": "2024-11-21T05:39:02.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-12-07T22:15:21.307",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95622"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/95622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210122-0006/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-06-16 08:15
Modified
2024-12-12 16:15
Severity ?
3.4 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| fedoraproject | fedora | 38 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "59A9CBF2-B94B-4311-AE41-6CEA2DA7E24B",
"versionEndExcluding": "1.24.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D70178-BDE0-430B-8446-0A93FB2323FB",
"versionEndExcluding": "1.25.10",
"versionStartIncluding": "1.25.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D02A28B2-70E6-4B48-9D58-39525AD66C20",
"versionEndExcluding": "1.26.5",
"versionStartIncluding": "1.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1C04A62B-D3F5-4E63-819A-0A8868F34643",
"versionEndExcluding": "1.27.2",
"versionStartIncluding": "1.27.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubelet that allows pods to bypass the seccomp profile enforcement. Pods that use localhost type for seccomp profile but specify an empty profile field, are affected by this issue. In this scenario, this vulnerability allows the pod to run in unconfined (seccomp disabled) mode. This bug affects Kubelet."
}
],
"id": "CVE-2023-2431",
"lastModified": "2024-12-12T16:15:07.937",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 2.5,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-16T08:15:08.770",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118690"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10"
},
{
"source": "jordan@liggitt.net",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/QHmx0HOQa10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/43HDSKBKPSW53OW647B5ETHRWFFNHSRQ/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBX4RL4UOC7JHWWYB2AJCKSUM7EG5Y5G/"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking"
],
"url": "https://github.com/kubernetes/kubernetes/issues/118690"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1287"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-07-23 17:15
Modified
2024-11-21 05:39
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/93032 | Issue Tracking, Patch, Third Party Advisory | |
| jordan@liggitt.net | https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ | Mailing List, Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20200821-0002/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/93032 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ | Mailing List, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200821-0002/ | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * | |
| kubernetes | kubernetes | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "12849C27-DD8A-4D84-92FD-3AB32B43742B",
"versionEndExcluding": "1.16.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1FA454-87A3-480C-BB5E-A23086E2EA99",
"versionEndExcluding": "1.17.9",
"versionStartIncluding": "1.17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4009BA-8220-4B8E-8B4B-1ADA1680DD70",
"versionEndExcluding": "1.18.6",
"versionStartIncluding": "1.18.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail."
},
{
"lang": "es",
"value": "El componente kubelet de Kubenetes versiones 1.1-1.16.12, 1.17.0-1.17.8 y 1.18.0-1.18.5, no cuenta para el uso del disco por parte de un pod que escribe en su propio archivo /etc/hosts. El archivo /etc/hosts montado en un pod para kubelet no esta incluido para el administrador de desalojo de kubelet al calcular el uso de almacenamiento ef\u00edmero por un pod. Si un pod escribe una gran cantidad de datos en el archivo /etc/hosts, podr\u00eda llenar el espacio de almacenamiento del nodo y hacer que el nodo presente un fallo"
}
],
"id": "CVE-2020-8557",
"lastModified": "2024-11-21T05:39:01.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-23T17:15:12.513",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/93032"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ"
},
{
"source": "jordan@liggitt.net",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/93032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200821-0002/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-09-10 14:29
Modified
2024-11-21 02:57
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2016:2064 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075 | Issue Tracking, Third Party Advisory | |
| secalert@redhat.com | https://github.com/kubernetes/kubernetes/issues/34517 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2016:2064 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/34517 | Exploit, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | - | |
| redhat | openshift | 3.1 | |
| redhat | openshift | 3.2 | |
| redhat | openshift | 3.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14C32308-314D-4E0D-B15F-6A68DF21E9F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:openshift:3.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F8E35FAB-695F-44DA-945D-60B47C1F200B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.2:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F33CEF04-05FA-444C-BB14-F3E3434AF61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.3:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "84C890EC-229B-458B-AEF7-EA03C6248A25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fields. An attacker could use this flaw to bypass authentication requirements by using a specially crafted X.509 certificate."
},
{
"lang": "es",
"value": "Se ha descubierto que Kubernetes, tal y como se emplea en Openshift Enterprise 3, no valida los campos de nombre del host del certificado intermediario de cliente X.509. Un atacante podr\u00eda emplear este error para omitir los requisitos de autenticaci\u00f3n mediante el uso de un certificado X.509 especialmente manipulado"
}
],
"id": "CVE-2016-7075",
"lastModified": "2024-11-21T02:57:24.557",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-10T14:29:00.800",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:2064"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/34517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2016:2064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/34517"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "secalert@redhat.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-08-29 01:15
Modified
2024-11-21 04:20
Severity ?
4.9 (Medium) - CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| jordan@liggitt.net | https://github.com/kubernetes/kubernetes/issues/78308 | Exploit, Patch, Third Party Advisory | |
| jordan@liggitt.net | https://security.netapp.com/advisory/ntap-20190919-0003/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/kubernetes/kubernetes/issues/78308 | Exploit, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190919-0003/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kubernetes | kubernetes | 1.13.6 | |
| kubernetes | kubernetes | 1.14.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "91091DC9-FC24-41B5-BABC-0578CFC6ACBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7067A9B9-8EA2-4CB7-A80D-E1A79495F463",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In kubelet v1.13.6 and v1.14.2, containers for pods that do not specify an explicit runAsUser attempt to run as uid 0 (root) on container restart, or if the image was previously pulled to the node. If the pod specified mustRunAsNonRoot: true, the kubelet will refuse to start the container as root. If the pod did not specify mustRunAsNonRoot: true, the kubelet will run the container as uid 0."
},
{
"lang": "es",
"value": "En kubelet v1.13.6 y v1.14.2, los contenedores para pods que no especifican un intento runAsUser expl\u00edcito de ejecutarse como uid 0 (ra\u00edz) en el reinicio del contenedor, o si la imagen se extrajo previamente en el nodo. Si el pod especificado mustRunAsNonRoot: true, el kubelet se negar\u00e1 a iniciar el contenedor como root. Si el pod no especific\u00f3 mustRunAsNonRoot: true, el kubelet ejecutar\u00e1 el contenedor como uid 0."
}
],
"id": "CVE-2019-11245",
"lastModified": "2024-11-21T04:20:47.757",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 1.4,
"impactScore": 3.4,
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-29T01:15:11.147",
"references": [
{
"source": "jordan@liggitt.net",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/78308"
},
{
"source": "jordan@liggitt.net",
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/kubernetes/kubernetes/issues/78308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20190919-0003/"
}
],
"sourceIdentifier": "jordan@liggitt.net",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-703"
}
],
"source": "jordan@liggitt.net",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
var-201710-0451
Vulnerability from variot
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens SCALANCE Products are prone to the following security vulnerabilities: 1. A buffer-overflow vulnerability 2. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device or cause a denial-of-service condition. This BID is being retired as a duplicate of BID 101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: dnsmasq security update Advisory ID: RHSA-2017:2836-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2836 Issue date: 2017-10-02 CVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 =====================================================================
- Summary:
An update for dnsmasq is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
-
A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)
-
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)
-
A stack buffer overflow was found in dnsmasq in the DHCPv6 code. (CVE-2017-14493)
-
An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)
-
A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495)
-
An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496)
Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies 1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code 1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code 1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code 1495415 - CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code 1495416 - CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
aarch64: dnsmasq-2.76-2.el7_4.2.aarch64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm
ppc64: dnsmasq-2.76-2.el7_4.2.ppc64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm
ppc64le: dnsmasq-2.76-2.el7_4.2.ppc64le.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm
s390x: dnsmasq-2.76-2.el7_4.2.s390x.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: dnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm dnsmasq-utils-2.76-2.el7_4.2.aarch64.rpm
ppc64: dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm dnsmasq-utils-2.76-2.el7_4.2.ppc64.rpm
ppc64le: dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm dnsmasq-utils-2.76-2.el7_4.2.ppc64le.rpm
s390x: dnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm dnsmasq-utils-2.76-2.el7_4.2.s390x.rpm
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-14491 https://access.redhat.com/security/cve/CVE-2017-14492 https://access.redhat.com/security/cve/CVE-2017-14493 https://access.redhat.com/security/cve/CVE-2017-14494 https://access.redhat.com/security/cve/CVE-2017-14495 https://access.redhat.com/security/cve/CVE-2017-14496 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3199382
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZ0opYXlSAg2UNWIIRAr0dAJ9rIL1FgNTJUf2I9jjKFFlfkCd/kwCfV+bX SfoCV7+qG2nwqlHKLZOlhIU= =iWfU -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . =========================================================================== Ubuntu Security Notice USN-3430-3 January 04, 2018
dnsmasq regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
USN-3430-2 introduced regression in Dnsmasq.
Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
USN-3430-2 fixed several vulnerabilities. The update introduced a new regression that breaks DNS resolution. This update addresses the problem.
We apologize for the inconvenience.
Original advisory details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14491)
Felix Wilhelm, Fermin J. (CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. (CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: dnsmasq=C2=A02.59-4ubuntu0.4 dnsmasq-base2.59-4ubuntu0.4 dnsmasq-utils2.59-4ubuntu0.4
After a standard system update you need to reboot your computer to make all the necessary changes.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/dnsmasq < 2.78 >= 2.78
Description
Multiple vulnerabilities have been discovered in Dnsmasq.
Workaround
There is no known workaround at this time.
Resolution
All Dnsmasq users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.78"
References
[ 1 ] CVE-2017-14491 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491 [ 2 ] CVE-2017-14492 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492 [ 3 ] CVE-2017-14493 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493 [ 4 ] CVE-2017-14494 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494 [ 5 ] CVE-2017-14495 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495 [ 6 ] CVE-2017-14496 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201710-27
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0451",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "dnsmasq",
"scope": "lte",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.9,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruckus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dnsmasq",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 0.8,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "-47.4"
},
{
"model": "scalance w1750d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance m800",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.75"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.72"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.71"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.70"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.65"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.64"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.63"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.62"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.61"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.60"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.59"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.58"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.57"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.56"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.55"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.54"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.53"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.52"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.51"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.50"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.49"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.48"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.47"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.46"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.44"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.43"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.42"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.41"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.40"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.38"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.37"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.36"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.35"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.34"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.33"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.30"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.29"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.28"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.27"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.26"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.25"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.24"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.23"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.22"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.21"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.20"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.19"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.9"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.8"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.3"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.996"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.992"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.98"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.96"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.95"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server for arm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update suppor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.2"
},
{
"model": "enterprise linux server year extended upd",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux long life server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.10"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.3,
"vendor": "fedoraproject",
"version": "27"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-30",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "dnsmasq",
"scope": "ne",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.8"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.7"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.11"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008622"
},
{
"db": "NVD",
"id": "CVE-2017-14495"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-743"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.77",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14495"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team,Felix Wilhelm, Fermin J. Serna",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-743"
}
],
"trust": 0.6
},
"cve": "CVE-2017-14495",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14495",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14495",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14495",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-743",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-14495",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14495"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008622"
},
{
"db": "NVD",
"id": "CVE-2017-14495"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens SCALANCE Products are prone to the following security vulnerabilities:\n1. A buffer-overflow vulnerability\n2. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device or cause a denial-of-service condition. \nThis BID is being retired as a duplicate of BID 101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: dnsmasq security update\nAdvisory ID: RHSA-2017:2836-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2836\nIssue date: 2017-10-02\nCVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 \n CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 \n=====================================================================\n\n1. Summary:\n\nAn update for dnsmasq is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name\nServer) forwarder and DHCP (Dynamic Host Configuration Protocol) server. \n\nSecurity Fix(es):\n\n* A heap buffer overflow was found in dnsmasq in the code responsible for\nbuilding DNS replies. An attacker could send crafted DNS packets to dnsmasq\nwhich would cause it to crash or, potentially, execute arbitrary code. \n(CVE-2017-14491)\n\n* A heap buffer overflow was discovered in dnsmasq in the IPv6 router\nadvertisement (RA) handling code. This issue only affected\nconfigurations using one of these options: enable-ra, ra-only, slaac,\nra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)\n\n* A stack buffer overflow was found in dnsmasq in the DHCPv6 code. (CVE-2017-14493)\n\n* An information leak was found in dnsmasq in the DHCPv6 relay code. An\nattacker on the local network could send crafted DHCPv6 packets to dnsmasq\ncausing it to forward the contents of process memory, potentially leaking\nsensitive data. (CVE-2017-14494)\n\n* A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An\nattacker could send crafted DNS packets which would trigger memory\nallocations which would never be freed, leading to unbounded memory\nconsumption and eventually a crash. This issue only affected configurations\nusing one of the options: add-mac, add-cpe-id, or add-subnet. \n(CVE-2017-14495)\n\n* An integer underflow flaw leading to a buffer over-read was found in\ndnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to\ndnsmasq which would cause it to crash. This issue only affected\nconfigurations using one of the options: add-mac, add-cpe-id, or\nadd-subnet. (CVE-2017-14496)\n\nRed Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. \nSerna (Google Security Team), Gabriel Campana (Google Security Team), Kevin\nHamacher (Google Security Team), and Ron Bowes (Google Security Team) for\nreporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies\n1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code\n1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code\n1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code\n1495415 - CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code\n1495416 - CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\naarch64:\ndnsmasq-2.76-2.el7_4.2.aarch64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm\n\nppc64:\ndnsmasq-2.76-2.el7_4.2.ppc64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm\n\nppc64le:\ndnsmasq-2.76-2.el7_4.2.ppc64le.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm\n\ns390x:\ndnsmasq-2.76-2.el7_4.2.s390x.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.aarch64.rpm\n\nppc64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.ppc64.rpm\n\nppc64le:\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm\ndnsmasq-utils-2.76-2.el7_4.2.ppc64le.rpm\n\ns390x:\ndnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm\ndnsmasq-utils-2.76-2.el7_4.2.s390x.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-14491\nhttps://access.redhat.com/security/cve/CVE-2017-14492\nhttps://access.redhat.com/security/cve/CVE-2017-14493\nhttps://access.redhat.com/security/cve/CVE-2017-14494\nhttps://access.redhat.com/security/cve/CVE-2017-14495\nhttps://access.redhat.com/security/cve/CVE-2017-14496\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/security/vulnerabilities/3199382\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZ0opYXlSAg2UNWIIRAr0dAJ9rIL1FgNTJUf2I9jjKFFlfkCd/kwCfV+bX\nSfoCV7+qG2nwqlHKLZOlhIU=\n=iWfU\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n===========================================================================\nUbuntu Security Notice USN-3430-3\nJanuary 04, 2018\n\ndnsmasq regression\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nUSN-3430-2 introduced regression in Dnsmasq. \n\nSoftware Description:\n- dnsmasq: Small caching DNS proxy and DHCP/TFTP server\n\nDetails:\n\nUSN-3430-2 fixed several vulnerabilities. The update introduced a new\nregression that breaks DNS resolution. This update addresses the\nproblem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. \n(CVE-2017-14491)\n\nFelix Wilhelm, Fermin J. (CVE-2017-14492)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 requests. \n(CVE-2017-14493)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14495)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. A remote\nattacker could use this issue to cause Dnsmasq to crash, resulting in\na denial of service. (CVE-2017-14496)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n dnsmasq=C2=A02.59-4ubuntu0.4\n dnsmasq-base2.59-4ubuntu0.4\n dnsmasq-utils2.59-4ubuntu0.4\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/dnsmasq \u003c 2.78 \u003e= 2.78 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Dnsmasq. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Dnsmasq users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.78\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-14491\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491\n[ 2 ] CVE-2017-14492\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492\n[ 3 ] CVE-2017-14493\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493\n[ 4 ] CVE-2017-14494\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494\n[ 5 ] CVE-2017-14495\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495\n[ 6 ] CVE-2017-14496\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201710-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14495"
},
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008622"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "VULMON",
"id": "CVE-2017-14495"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
}
],
"trust": 3.42
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42945",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14495"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2017-14495",
"trust": 3.6
},
{
"db": "BID",
"id": "101085",
"trust": 2.0
},
{
"db": "BID",
"id": "101977",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-17-332-01",
"trust": 2.0
},
{
"db": "EXPLOIT-DB",
"id": "42945",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1039474",
"trust": 1.7
},
{
"db": "SIEMENS",
"id": "SSA-689071",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU93453933",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008622",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-743",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-14495",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144490",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144484",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144469",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144706",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14495"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008622"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14495"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-743"
}
]
},
"id": "VAR-201710-0451",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24812031
},
"last_update_date": "2023-12-26T00:11:30.541000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3989",
"trust": 0.8,
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"title": "Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for \u201cBlueBorne\u201d and \u201cDnsmasq\u201d.",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"title": "openSUSE-SU-2017:2633",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"title": "RHSA-2017:2836",
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"title": "CHANGELOG",
"trust": 0.8,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"title": "Security fix, CVE-2017-14495, OOM in DNS response creation.",
"trust": 0.8,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45"
},
{
"title": "USN-3430-2",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-2/"
},
{
"title": "USN-3430-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-1/"
},
{
"title": "dnsmasq: Multiple Critical and Important vulnerabilities",
"trust": 0.8,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"title": "Dnsmasq Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92839"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172836 - security advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-14495"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-2"
},
{
"title": "Ubuntu Security Notice: dnsmasq regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-3"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-1"
},
{
"title": "Debian Security Advisories: DSA-3989-1 dnsmasq -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c18698ecfe74c7de381531f8ed44dcf"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=7f490a104360d6f65bee18ec7bfa18a3"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1251",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1251"
},
{
"title": "Amazon Linux AMI: ALAS-2017-907",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-907"
},
{
"title": "Arch Linux Advisories: [ASA-201710-1] dnsmasq: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14495"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008622"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-743"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-772",
"trust": 1.0
},
{
"problemtype": "CWE-400",
"trust": 0.8
},
{
"problemtype": "CWE-399",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008622"
},
{
"db": "NVD",
"id": "CVE-2017-14495"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/101085"
},
{
"trust": 2.8,
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"trust": 2.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"trust": 2.0,
"url": "http://www.ubuntu.com/usn/usn-3430-1"
},
{
"trust": 2.0,
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-332-01"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/42945/"
},
{
"trust": 1.8,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"trust": 1.8,
"url": "http://www.ubuntu.com/usn/usn-3430-2"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"trust": 1.7,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id/1039474"
},
{
"trust": 1.7,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"trust": 1.7,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/101977"
},
{
"trust": 1.7,
"url": "https://www.synology.com/support/security/synology_sa_17_59_dnsmasq"
},
{
"trust": 1.7,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-005.txt"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"trust": 1.7,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14495"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commit%3bh=51eadb692a5123b9838e5a68ecace3ac579a3a45"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14491"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14492"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14493"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14494"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14495"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14496"
},
{
"trust": 0.9,
"url": "http://www.thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14491.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14492.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14493.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14494.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14495.py"
},
{
"trust": 0.9,
"url": "https://github.com/kubernetes/kubernetes/blob/master/changelog.md"
},
{
"trust": 0.9,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2017\u0026m=slackware-security.601472"
},
{
"trust": 0.9,
"url": "https://source.android.com/security/bulletin/2017-10-01"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495410"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495411"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495412"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495415"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495416"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495510"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-13704"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14496.py"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"trust": 0.8,
"url": "https://www.ruckuswireless.com/security"
},
{
"trust": 0.8,
"url": "https://www.zyxel.com/support/announcement_dnsmasq_vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14495"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93453933/index.html"
},
{
"trust": 0.6,
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 0.6,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409bug1495409"
},
{
"trust": 0.6,
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-332-01"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14496"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14491"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14494"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14492"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14493"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409 bug 1495409"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/772.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55498"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3430-2/"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1741262"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3430-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.76-5ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.68-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14495"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14491"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14496"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14494"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14495"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008622"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14495"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14495"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008622"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14495"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2017-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14495"
},
{
"date": "2017-11-28T00:00:00",
"db": "BID",
"id": "101977"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008622"
},
{
"date": "2017-10-03T20:21:00",
"db": "PACKETSTORM",
"id": "144490"
},
{
"date": "2017-10-03T05:19:24",
"db": "PACKETSTORM",
"id": "144484"
},
{
"date": "2018-01-04T17:50:40",
"db": "PACKETSTORM",
"id": "145652"
},
{
"date": "2017-10-02T13:13:00",
"db": "PACKETSTORM",
"id": "144469"
},
{
"date": "2017-10-23T13:54:05",
"db": "PACKETSTORM",
"id": "144706"
},
{
"date": "2017-10-03T01:29:02.153000",
"db": "NVD",
"id": "CVE-2017-14495"
},
{
"date": "2017-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14495"
},
{
"date": "2019-05-15T17:00:00",
"db": "BID",
"id": "101977"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008622"
},
{
"date": "2023-11-07T02:39:01.690000",
"db": "NVD",
"id": "CVE-2017-14495"
},
{
"date": "2020-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-743"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-743"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dnsmasq contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-743"
}
],
"trust": 0.6
}
}
var-201710-0448
Vulnerability from variot
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Attackers can exploit these issues to execute arbitrary code within the context of the affected application, bypass the ASLR, gain sensitive information, or cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: dnsmasq security update Advisory ID: RHSA-2017:2836-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2836 Issue date: 2017-10-02 CVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 =====================================================================
- Summary:
An update for dnsmasq is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
-
A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)
-
A stack buffer overflow was found in dnsmasq in the DHCPv6 code. (CVE-2017-14493)
-
An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)
-
A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495)
-
An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496)
Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies 1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code 1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code 1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code 1495415 - CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code 1495416 - CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
aarch64: dnsmasq-2.76-2.el7_4.2.aarch64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm
ppc64: dnsmasq-2.76-2.el7_4.2.ppc64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm
ppc64le: dnsmasq-2.76-2.el7_4.2.ppc64le.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm
s390x: dnsmasq-2.76-2.el7_4.2.s390x.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: dnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm dnsmasq-utils-2.76-2.el7_4.2.aarch64.rpm
ppc64: dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm dnsmasq-utils-2.76-2.el7_4.2.ppc64.rpm
ppc64le: dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm dnsmasq-utils-2.76-2.el7_4.2.ppc64le.rpm
s390x: dnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm dnsmasq-utils-2.76-2.el7_4.2.s390x.rpm
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-14491 https://access.redhat.com/security/cve/CVE-2017-14492 https://access.redhat.com/security/cve/CVE-2017-14493 https://access.redhat.com/security/cve/CVE-2017-14494 https://access.redhat.com/security/cve/CVE-2017-14495 https://access.redhat.com/security/cve/CVE-2017-14496 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3199382
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZ0opYXlSAg2UNWIIRAr0dAJ9rIL1FgNTJUf2I9jjKFFlfkCd/kwCfV+bX SfoCV7+qG2nwqlHKLZOlhIU= =iWfU -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . =========================================================================== Ubuntu Security Notice USN-3430-3 January 04, 2018
dnsmasq regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
USN-3430-2 introduced regression in Dnsmasq.
Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
USN-3430-2 fixed several vulnerabilities. The update introduced a new regression that breaks DNS resolution. This update addresses the problem.
We apologize for the inconvenience.
Original advisory details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14491)
Felix Wilhelm, Fermin J. (CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. (CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: dnsmasq=C2=A02.59-4ubuntu0.4 dnsmasq-base2.59-4ubuntu0.4 dnsmasq-utils2.59-4ubuntu0.4
After a standard system update you need to reboot your computer to make all the necessary changes. 7.3) - ppc64, ppc64le, s390x, x86_64
-
Gentoo Linux Security Advisory GLSA 201710-27
https://security.gentoo.org/
Severity: Normal Title: Dnsmasq: Multiple vulnerabilities Date: October 23, 2017 Bugs: #632692 ID: 201710-27
Synopsis
Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/dnsmasq < 2.78 >= 2.78
Description
Multiple vulnerabilities have been discovered in Dnsmasq.
Workaround
There is no known workaround at this time.
Resolution
All Dnsmasq users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.78"
References
[ 1 ] CVE-2017-14491 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491 [ 2 ] CVE-2017-14492 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492 [ 3 ] CVE-2017-14493 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493 [ 4 ] CVE-2017-14494 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494 [ 5 ] CVE-2017-14495 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495 [ 6 ] CVE-2017-14496 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201710-27
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0448",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "dnsmasq",
"scope": "lte",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.9,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruckus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dnsmasq",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 0.8,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "-47.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.75"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.72"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.71"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.70"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.65"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.64"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.63"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.62"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.61"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.60"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.59"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.58"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.57"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.56"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.55"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.54"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.53"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.52"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.51"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.50"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.49"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.48"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.47"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.46"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.44"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.43"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.42"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.41"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.40"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.38"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.37"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.36"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.35"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.34"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.33"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.30"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.29"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.28"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.27"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.26"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.25"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.24"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.23"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.22"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.21"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.20"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.19"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.9"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.8"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.3"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.996"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.992"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.98"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.96"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.95"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server for arm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update suppor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.2"
},
{
"model": "enterprise linux server year extended upd",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux long life server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.10"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.3,
"vendor": "fedoraproject",
"version": "27"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-30",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "dnsmasq",
"scope": "ne",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.8"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.7"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.11"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008619"
},
{
"db": "NVD",
"id": "CVE-2017-14492"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.77",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14492"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team,Felix Wilhelm, Fermin J. Serna",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
],
"trust": 0.6
},
"cve": "CVE-2017-14492",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14492",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14492",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14492",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-746",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-14492",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14492"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008619"
},
{
"db": "NVD",
"id": "CVE-2017-14492"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. \nAttackers can exploit these issues to execute arbitrary code within the context of the affected application, bypass the ASLR, gain sensitive information, or cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: dnsmasq security update\nAdvisory ID: RHSA-2017:2836-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2836\nIssue date: 2017-10-02\nCVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 \n CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 \n=====================================================================\n\n1. Summary:\n\nAn update for dnsmasq is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name\nServer) forwarder and DHCP (Dynamic Host Configuration Protocol) server. \n\nSecurity Fix(es):\n\n* A heap buffer overflow was found in dnsmasq in the code responsible for\nbuilding DNS replies. This issue only affected\nconfigurations using one of these options: enable-ra, ra-only, slaac,\nra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)\n\n* A stack buffer overflow was found in dnsmasq in the DHCPv6 code. (CVE-2017-14493)\n\n* An information leak was found in dnsmasq in the DHCPv6 relay code. An\nattacker on the local network could send crafted DHCPv6 packets to dnsmasq\ncausing it to forward the contents of process memory, potentially leaking\nsensitive data. (CVE-2017-14494)\n\n* A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An\nattacker could send crafted DNS packets which would trigger memory\nallocations which would never be freed, leading to unbounded memory\nconsumption and eventually a crash. This issue only affected configurations\nusing one of the options: add-mac, add-cpe-id, or add-subnet. \n(CVE-2017-14495)\n\n* An integer underflow flaw leading to a buffer over-read was found in\ndnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to\ndnsmasq which would cause it to crash. This issue only affected\nconfigurations using one of the options: add-mac, add-cpe-id, or\nadd-subnet. (CVE-2017-14496)\n\nRed Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. \nSerna (Google Security Team), Gabriel Campana (Google Security Team), Kevin\nHamacher (Google Security Team), and Ron Bowes (Google Security Team) for\nreporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies\n1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code\n1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code\n1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code\n1495415 - CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code\n1495416 - CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\naarch64:\ndnsmasq-2.76-2.el7_4.2.aarch64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm\n\nppc64:\ndnsmasq-2.76-2.el7_4.2.ppc64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm\n\nppc64le:\ndnsmasq-2.76-2.el7_4.2.ppc64le.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm\n\ns390x:\ndnsmasq-2.76-2.el7_4.2.s390x.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.aarch64.rpm\n\nppc64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.ppc64.rpm\n\nppc64le:\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm\ndnsmasq-utils-2.76-2.el7_4.2.ppc64le.rpm\n\ns390x:\ndnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm\ndnsmasq-utils-2.76-2.el7_4.2.s390x.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-14491\nhttps://access.redhat.com/security/cve/CVE-2017-14492\nhttps://access.redhat.com/security/cve/CVE-2017-14493\nhttps://access.redhat.com/security/cve/CVE-2017-14494\nhttps://access.redhat.com/security/cve/CVE-2017-14495\nhttps://access.redhat.com/security/cve/CVE-2017-14496\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/security/vulnerabilities/3199382\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZ0opYXlSAg2UNWIIRAr0dAJ9rIL1FgNTJUf2I9jjKFFlfkCd/kwCfV+bX\nSfoCV7+qG2nwqlHKLZOlhIU=\n=iWfU\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n===========================================================================\nUbuntu Security Notice USN-3430-3\nJanuary 04, 2018\n\ndnsmasq regression\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nUSN-3430-2 introduced regression in Dnsmasq. \n\nSoftware Description:\n- dnsmasq: Small caching DNS proxy and DHCP/TFTP server\n\nDetails:\n\nUSN-3430-2 fixed several vulnerabilities. The update introduced a new\nregression that breaks DNS resolution. This update addresses the\nproblem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. \n(CVE-2017-14491)\n\nFelix Wilhelm, Fermin J. (CVE-2017-14492)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 requests. \n(CVE-2017-14493)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. A remote\nattacker could use this issue to cause Dnsmasq to consume memory,\nresulting in a denial of service. (CVE-2017-14495)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14496)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n dnsmasq=C2=A02.59-4ubuntu0.4\n dnsmasq-base2.59-4ubuntu0.4\n dnsmasq-utils2.59-4ubuntu0.4\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 7.3) - ppc64, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201710-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Dnsmasq: Multiple vulnerabilities\n Date: October 23, 2017\n Bugs: #632692\n ID: 201710-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Dnsmasq, the worst of which\nmay allow remote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/dnsmasq \u003c 2.78 \u003e= 2.78 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Dnsmasq. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Dnsmasq users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.78\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-14491\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491\n[ 2 ] CVE-2017-14492\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492\n[ 3 ] CVE-2017-14493\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493\n[ 4 ] CVE-2017-14494\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494\n[ 5 ] CVE-2017-14495\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495\n[ 6 ] CVE-2017-14496\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201710-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14492"
},
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008619"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "VULMON",
"id": "CVE-2017-14492"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42942",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14492"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14492",
"trust": 3.4
},
{
"db": "CERT/CC",
"id": "VU#973527",
"trust": 2.8
},
{
"db": "BID",
"id": "101085",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039474",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "42942",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-17-332-01",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008619",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-746",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-14492",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144490",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144484",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144477",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144469",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144706",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14492"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008619"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14492"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
]
},
"id": "VAR-201710-0448",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24812031
},
"last_update_date": "2023-12-26T00:11:30.683000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3989",
"trust": 0.8,
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"title": "Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for \u201cBlueBorne\u201d and \u201cDnsmasq\u201d.",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"title": "openSUSE-SU-2017:2633",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"title": "RHSA-2017:2837",
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"title": "dnsmasq: Multiple Critical and Important vulnerabilities",
"trust": 0.8,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"title": "CHANGELOG",
"trust": 0.8,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"title": "Security fix, CVE-2017-14492, DHCPv6 RA heap overflow.",
"trust": 0.8,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10"
},
{
"title": "USN-3430-2",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-2/"
},
{
"title": "USN-3430-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-1/"
},
{
"title": "Dnsmasq Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92842"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172837 - security advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172836 - security advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-14492"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-2"
},
{
"title": "Ubuntu Security Notice: dnsmasq regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-3"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-1"
},
{
"title": "Debian Security Advisories: DSA-3989-1 dnsmasq -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c18698ecfe74c7de381531f8ed44dcf"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1251",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1251"
},
{
"title": "Amazon Linux AMI: ALAS-2017-907",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-907"
},
{
"title": "Arch Linux Advisories: [ASA-201710-1] dnsmasq: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14492"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008619"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008619"
},
{
"db": "NVD",
"id": "CVE-2017-14492"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/101085"
},
{
"trust": 2.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"trust": 2.1,
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"trust": 2.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"trust": 2.0,
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"trust": 1.7,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
},
{
"trust": 1.4,
"url": "http://www.ubuntu.com/usn/usn-3430-1"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14492"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/42942/"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3430-2"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"trust": 1.1,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-005.txt"
},
{
"trust": 1.1,
"url": "https://www.synology.com/support/security/synology_sa_17_59_dnsmasq"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039474"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commit%3bh=24036ea507862c7b7898b68289c8130f85599c10"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14491"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14492"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14493"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14494"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14495"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14496"
},
{
"trust": 0.9,
"url": "http://www.thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14491.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14492.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14493.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14494.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14495.py"
},
{
"trust": 0.9,
"url": "https://github.com/kubernetes/kubernetes/blob/master/changelog.md"
},
{
"trust": 0.9,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2017\u0026m=slackware-security.601472"
},
{
"trust": 0.9,
"url": "https://source.android.com/security/bulletin/2017-10-01"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495410"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495411"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495412"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495415"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495416"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495510"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-13704"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14496.py"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-332-01"
},
{
"trust": 0.8,
"url": "https://www.ruckuswireless.com/security"
},
{
"trust": 0.8,
"url": "https://www.zyxel.com/support/announcement_dnsmasq_vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14492"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14491"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14494"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14493"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409bug1495409"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14496"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14495"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409 bug 1495409"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55495"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3430-2/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1741262"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3430-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.76-5ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.68-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14495"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14491"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14496"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14494"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14492"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008619"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14492"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14492"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008619"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14492"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2017-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14492"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008619"
},
{
"date": "2017-10-03T20:21:00",
"db": "PACKETSTORM",
"id": "144490"
},
{
"date": "2017-10-03T05:19:24",
"db": "PACKETSTORM",
"id": "144484"
},
{
"date": "2018-01-04T17:50:40",
"db": "PACKETSTORM",
"id": "145652"
},
{
"date": "2017-10-02T11:11:00",
"db": "PACKETSTORM",
"id": "144477"
},
{
"date": "2017-10-02T13:13:00",
"db": "PACKETSTORM",
"id": "144469"
},
{
"date": "2017-10-23T13:54:05",
"db": "PACKETSTORM",
"id": "144706"
},
{
"date": "2017-10-03T01:29:02.027000",
"db": "NVD",
"id": "CVE-2017-14492"
},
{
"date": "2017-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14492"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008619"
},
{
"date": "2023-11-07T02:39:01.400000",
"db": "NVD",
"id": "CVE-2017-14492"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "dnsmasq Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008619"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-746"
}
],
"trust": 0.6
}
}
var-201710-1267
Vulnerability from variot
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens SCALANCE Products are prone to the following security vulnerabilities: 1. A buffer-overflow vulnerability 2. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device or cause a denial-of-service condition. This BID is being retired as a duplicate of BID 101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1267",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fedora",
"scope": "eq",
"trust": 1.3,
"vendor": "fedoraproject",
"version": "27"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "dnsmasq",
"scope": "lte",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "42.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "42.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.9,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruckus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dnsmasq",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 0.8,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "-47.4"
},
{
"model": "scalance w1750d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance m800",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.75"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.72"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.71"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.70"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.65"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.64"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.63"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.62"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.61"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.60"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.59"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.58"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.57"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.56"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.55"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.54"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.53"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.52"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.51"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.50"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.49"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.48"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.47"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.46"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.44"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.43"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.42"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.41"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.40"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.38"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.37"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.36"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.35"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.34"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.33"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.30"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.29"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.28"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.27"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.26"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.25"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.24"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.23"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.22"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.21"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.20"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.19"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.9"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.8"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.3"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.996"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.992"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.98"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.96"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.95"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server for arm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update suppor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.2"
},
{
"model": "enterprise linux server year extended upd",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux long life server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.10"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-30",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "dnsmasq",
"scope": "ne",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.8"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.7"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.11"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.77",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13704"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team,Felix Wilhelm, Fermin J. Serna",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
],
"trust": 0.6
},
"cve": "CVE-2017-13704",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-13704",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-13704",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-13704",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1115",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-13704",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero\u0027s (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens SCALANCE Products are prone to the following security vulnerabilities:\n1. A buffer-overflow vulnerability\n2. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device or cause a denial-of-service condition. \nThis BID is being retired as a duplicate of BID 101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-13704"
},
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "VULMON",
"id": "CVE-2017-13704"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-13704",
"trust": 3.1
},
{
"db": "CERT/CC",
"id": "VU#973527",
"trust": 2.5
},
{
"db": "BID",
"id": "101085",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-17-332-01",
"trust": 2.0
},
{
"db": "BID",
"id": "101977",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1039474",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-689071",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU93453933",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-13704",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
]
},
"id": "VAR-201710-1267",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24812031
},
"last_update_date": "2023-12-18T12:03:09.568000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2017-274d763ed8",
"trust": 0.8,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4tk6dwc53wsu6633evzl7h4pcwbyhmhk/"
},
{
"title": "CHANGELOG",
"trust": 0.8,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"title": "Fix CVE-2017-13704, which resulted in a crash on a large DNS query.",
"trust": 0.8,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928"
},
{
"title": "USN-3430-2",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-2/"
},
{
"title": "USN-3430-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-1/"
},
{
"title": "dnsmasq: Multiple Critical and Important vulnerabilities",
"trust": 0.8,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"title": "Dnsmasq Enter the fix for the verification vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92838"
},
{
"title": "Debian CVElist Bug Report Logs: dnsmasq: CVE-2017-13704: Size parameter overflow via large DNS query",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fa8aad66cae5df51d49e1cdce2fe4a42"
},
{
"title": "Red Hat: CVE-2017-13704",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2017-13704"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=7f490a104360d6f65bee18ec7bfa18a3"
},
{
"title": "Brocade Security Advisories: BSA-2017-455",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=f173c512f0a725c451f45840ccf64e99"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
},
{
"problemtype": "CWE-191",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/101085"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-332-01"
},
{
"trust": 1.7,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
},
{
"trust": 1.7,
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/101977"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039474"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"trust": 1.1,
"url": "https://www.synology.com/support/security/synology_sa_17_59_dnsmasq"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-13704"
},
{
"trust": 1.0,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commit%3bh=63437ffbb58837b214b4b92cb1c54bc5f3279928"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4tk6dwc53wsu6633evzl7h4pcwbyhmhk/"
},
{
"trust": 1.0,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 1.0,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 0.9,
"url": "http://www.thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14491.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14492.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14493.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14494.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14495.py"
},
{
"trust": 0.9,
"url": "https://github.com/kubernetes/kubernetes/blob/master/changelog.md"
},
{
"trust": 0.9,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2017\u0026m=slackware-security.601472"
},
{
"trust": 0.9,
"url": "https://source.android.com/security/bulletin/2017-10-01"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495410"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495411"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495412"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495415"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495416"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495510"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14491"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14492"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14493"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14494"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14495"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-14496"
},
{
"trust": 0.9,
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14496.py"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"trust": 0.8,
"url": "https://www.ruckuswireless.com/security"
},
{
"trust": 0.8,
"url": "https://www.zyxel.com/support/announcement_dnsmasq_vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13704"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93453933/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-13704"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409bug1495409"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-332-01"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409 bug 1495409"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 0.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4tk6dwc53wsu6633evzl7h4pcwbyhmhk/"
},
{
"trust": 0.1,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877102"
},
{
"trust": 0.1,
"url": "https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"db": "NVD",
"id": "CVE-2017-13704"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2017-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"date": "2017-11-28T00:00:00",
"db": "BID",
"id": "101977"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"date": "2017-10-03T01:29:01.637000",
"db": "NVD",
"id": "CVE-2017-13704"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2018-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2017-13704"
},
{
"date": "2019-05-15T17:00:00",
"db": "BID",
"id": "101977"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008617"
},
{
"date": "2023-11-07T02:38:41.510000",
"db": "NVD",
"id": "CVE-2017-13704"
},
{
"date": "2020-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dnsmasq contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "101977"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1115"
}
],
"trust": 0.9
}
}
var-201710-0449
Vulnerability from variot
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: dnsmasq security update Advisory ID: RHSA-2017:2836-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2836 Issue date: 2017-10-02 CVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 =====================================================================
- Summary:
An update for dnsmasq is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
-
A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. (CVE-2017-14491)
-
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)
-
A stack buffer overflow was found in dnsmasq in the DHCPv6 code. (CVE-2017-14493)
-
An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)
-
A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495)
-
An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496)
Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies 1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code 1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code 1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code 1495415 - CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code 1495416 - CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
aarch64: dnsmasq-2.76-2.el7_4.2.aarch64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm
ppc64: dnsmasq-2.76-2.el7_4.2.ppc64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm
ppc64le: dnsmasq-2.76-2.el7_4.2.ppc64le.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm
s390x: dnsmasq-2.76-2.el7_4.2.s390x.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: dnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm dnsmasq-utils-2.76-2.el7_4.2.aarch64.rpm
ppc64: dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm dnsmasq-utils-2.76-2.el7_4.2.ppc64.rpm
ppc64le: dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm dnsmasq-utils-2.76-2.el7_4.2.ppc64le.rpm
s390x: dnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm dnsmasq-utils-2.76-2.el7_4.2.s390x.rpm
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-14491 https://access.redhat.com/security/cve/CVE-2017-14492 https://access.redhat.com/security/cve/CVE-2017-14493 https://access.redhat.com/security/cve/CVE-2017-14494 https://access.redhat.com/security/cve/CVE-2017-14495 https://access.redhat.com/security/cve/CVE-2017-14496 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3199382
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZ0opYXlSAg2UNWIIRAr0dAJ9rIL1FgNTJUf2I9jjKFFlfkCd/kwCfV+bX SfoCV7+qG2nwqlHKLZOlhIU= =iWfU -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . =========================================================================== Ubuntu Security Notice USN-3430-3 January 04, 2018
dnsmasq regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
USN-3430-2 introduced regression in Dnsmasq.
Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
USN-3430-2 fixed several vulnerabilities. The update introduced a new regression that breaks DNS resolution. This update addresses the problem.
We apologize for the inconvenience.
Original advisory details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14491)
Felix Wilhelm, Fermin J. (CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. (CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: dnsmasq=C2=A02.59-4ubuntu0.4 dnsmasq-base2.59-4ubuntu0.4 dnsmasq-utils2.59-4ubuntu0.4
After a standard system update you need to reboot your computer to make all the necessary changes. 7.3) - ppc64, ppc64le, s390x, x86_64
-
Gentoo Linux Security Advisory GLSA 201710-27
https://security.gentoo.org/
Severity: Normal Title: Dnsmasq: Multiple vulnerabilities Date: October 23, 2017 Bugs: #632692 ID: 201710-27
Synopsis
Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/dnsmasq < 2.78 >= 2.78
Description
Multiple vulnerabilities have been discovered in Dnsmasq.
Workaround
There is no known workaround at this time.
Resolution
All Dnsmasq users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.78"
References
[ 1 ] CVE-2017-14491 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491 [ 2 ] CVE-2017-14492 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492 [ 3 ] CVE-2017-14493 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493 [ 4 ] CVE-2017-14494 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494 [ 5 ] CVE-2017-14495 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495 [ 6 ] CVE-2017-14496 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201710-27
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0449",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "leap",
"scope": "eq",
"trust": 1.3,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.3,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "dnsmasq",
"scope": "lte",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.9,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruckus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dnsmasq",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 0.8,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "-47.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.75"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.72"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.71"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.70"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.65"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.64"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.63"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.62"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.61"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.60"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.59"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.58"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.57"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.56"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.55"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.54"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.53"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.52"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.51"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.50"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.49"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.48"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.47"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.46"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.44"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.43"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.42"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.41"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.40"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.38"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.37"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.36"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.35"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.34"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.33"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.30"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.29"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.28"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.27"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.26"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.25"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.24"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.23"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.22"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.21"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.20"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.19"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.9"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.8"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.3"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.996"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.992"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.98"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.96"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.95"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server for arm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update suppor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.2"
},
{
"model": "enterprise linux server year extended upd",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux long life server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.10"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.3,
"vendor": "fedoraproject",
"version": "27"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-30",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "dnsmasq",
"scope": "ne",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.8"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.7"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.11"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008620"
},
{
"db": "NVD",
"id": "CVE-2017-14493"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.77",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14493"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team,Felix Wilhelm, Fermin J. Serna",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
],
"trust": 0.6
},
"cve": "CVE-2017-14493",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14493",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14493",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14493",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-745",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-14493",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008620"
},
{
"db": "NVD",
"id": "CVE-2017-14493"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: dnsmasq security update\nAdvisory ID: RHSA-2017:2836-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2836\nIssue date: 2017-10-02\nCVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 \n CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 \n=====================================================================\n\n1. Summary:\n\nAn update for dnsmasq is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name\nServer) forwarder and DHCP (Dynamic Host Configuration Protocol) server. \n\nSecurity Fix(es):\n\n* A heap buffer overflow was found in dnsmasq in the code responsible for\nbuilding DNS replies. \n(CVE-2017-14491)\n\n* A heap buffer overflow was discovered in dnsmasq in the IPv6 router\nadvertisement (RA) handling code. This issue only affected\nconfigurations using one of these options: enable-ra, ra-only, slaac,\nra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)\n\n* A stack buffer overflow was found in dnsmasq in the DHCPv6 code. (CVE-2017-14493)\n\n* An information leak was found in dnsmasq in the DHCPv6 relay code. An\nattacker on the local network could send crafted DHCPv6 packets to dnsmasq\ncausing it to forward the contents of process memory, potentially leaking\nsensitive data. (CVE-2017-14494)\n\n* A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An\nattacker could send crafted DNS packets which would trigger memory\nallocations which would never be freed, leading to unbounded memory\nconsumption and eventually a crash. This issue only affected configurations\nusing one of the options: add-mac, add-cpe-id, or add-subnet. \n(CVE-2017-14495)\n\n* An integer underflow flaw leading to a buffer over-read was found in\ndnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to\ndnsmasq which would cause it to crash. This issue only affected\nconfigurations using one of the options: add-mac, add-cpe-id, or\nadd-subnet. (CVE-2017-14496)\n\nRed Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. \nSerna (Google Security Team), Gabriel Campana (Google Security Team), Kevin\nHamacher (Google Security Team), and Ron Bowes (Google Security Team) for\nreporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies\n1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code\n1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code\n1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code\n1495415 - CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code\n1495416 - CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\naarch64:\ndnsmasq-2.76-2.el7_4.2.aarch64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm\n\nppc64:\ndnsmasq-2.76-2.el7_4.2.ppc64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm\n\nppc64le:\ndnsmasq-2.76-2.el7_4.2.ppc64le.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm\n\ns390x:\ndnsmasq-2.76-2.el7_4.2.s390x.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.aarch64.rpm\n\nppc64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.ppc64.rpm\n\nppc64le:\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm\ndnsmasq-utils-2.76-2.el7_4.2.ppc64le.rpm\n\ns390x:\ndnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm\ndnsmasq-utils-2.76-2.el7_4.2.s390x.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-14491\nhttps://access.redhat.com/security/cve/CVE-2017-14492\nhttps://access.redhat.com/security/cve/CVE-2017-14493\nhttps://access.redhat.com/security/cve/CVE-2017-14494\nhttps://access.redhat.com/security/cve/CVE-2017-14495\nhttps://access.redhat.com/security/cve/CVE-2017-14496\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/security/vulnerabilities/3199382\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZ0opYXlSAg2UNWIIRAr0dAJ9rIL1FgNTJUf2I9jjKFFlfkCd/kwCfV+bX\nSfoCV7+qG2nwqlHKLZOlhIU=\n=iWfU\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n===========================================================================\nUbuntu Security Notice USN-3430-3\nJanuary 04, 2018\n\ndnsmasq regression\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nUSN-3430-2 introduced regression in Dnsmasq. \n\nSoftware Description:\n- dnsmasq: Small caching DNS proxy and DHCP/TFTP server\n\nDetails:\n\nUSN-3430-2 fixed several vulnerabilities. The update introduced a new\nregression that breaks DNS resolution. This update addresses the\nproblem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. \n(CVE-2017-14491)\n\nFelix Wilhelm, Fermin J. (CVE-2017-14492)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 requests. \n(CVE-2017-14493)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14495)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14496)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n dnsmasq=C2=A02.59-4ubuntu0.4\n dnsmasq-base2.59-4ubuntu0.4\n dnsmasq-utils2.59-4ubuntu0.4\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 7.3) - ppc64, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201710-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Dnsmasq: Multiple vulnerabilities\n Date: October 23, 2017\n Bugs: #632692\n ID: 201710-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Dnsmasq, the worst of which\nmay allow remote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/dnsmasq \u003c 2.78 \u003e= 2.78 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Dnsmasq. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Dnsmasq users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.78\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-14491\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491\n[ 2 ] CVE-2017-14492\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492\n[ 3 ] CVE-2017-14493\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493\n[ 4 ] CVE-2017-14494\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494\n[ 5 ] CVE-2017-14495\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495\n[ 6 ] CVE-2017-14496\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201710-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14493"
},
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008620"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "VULMON",
"id": "CVE-2017-14493"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42943",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14493"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2017-14493",
"trust": 3.4
},
{
"db": "BID",
"id": "101085",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039474",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "42943",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-17-332-01",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU93453933",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008620",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-745",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-14493",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144490",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144484",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144477",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144469",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144706",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14493"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008620"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14493"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
]
},
"id": "VAR-201710-0449",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24812031
},
"last_update_date": "2023-12-26T00:11:30.475000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3989",
"trust": 0.8,
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"title": "Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for \u201cBlueBorne\u201d and \u201cDnsmasq\u201d.",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"title": "openSUSE-SU-2017:2633",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"title": "RHSA-2017:2836",
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"title": "RHSA-2017:2837",
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"title": "Security fix, CVE-2017-14493, DHCPv6 - Stack buffer overflow.",
"trust": 0.8,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033"
},
{
"title": "CHANGELOG",
"trust": 0.8,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"title": "USN-3430-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-1/"
},
{
"title": "USN-3430-2",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-2/"
},
{
"title": "Dnsmasq Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92841"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172837 - security advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172836 - security advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-14493"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-2"
},
{
"title": "Ubuntu Security Notice: dnsmasq regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-3"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-1"
},
{
"title": "Debian Security Advisories: DSA-3989-1 dnsmasq -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c18698ecfe74c7de381531f8ed44dcf"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1251",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1251"
},
{
"title": "Amazon Linux AMI: ALAS-2017-907",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-907"
},
{
"title": "Arch Linux Advisories: [ASA-201710-1] dnsmasq: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
},
{
"title": "bof-dnsmasq-cve-2017-14493",
"trust": 0.1,
"url": "https://github.com/pupiles/bof-dnsmasq-cve-2017-14493 "
},
{
"title": "Safe libc",
"trust": 0.1,
"url": "https://github.com/introspection-libc/main "
},
{
"title": "What is this?\nHow does it work?\nHow to build the toolchain\nHow to build a program using the safe libc\nAnd in the real world?",
"trust": 0.1,
"url": "https://github.com/pekd/safe-libc "
},
{
"title": "What is this?\nHow does it work?\nHow to build the toolchain\nHow to build a program using the safe libc\nAnd in the real world?",
"trust": 0.1,
"url": "https://github.com/introspection-libc/safe-libc "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14493"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008620"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008620"
},
{
"db": "NVD",
"id": "CVE-2017-14493"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"trust": 2.8,
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/101085"
},
{
"trust": 2.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"trust": 2.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"trust": 2.0,
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"trust": 1.7,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
},
{
"trust": 1.4,
"url": "http://www.ubuntu.com/usn/usn-3430-1"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14493"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/42943/"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3430-2"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039474"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"trust": 1.1,
"url": "https://www.synology.com/support/security/synology_sa_17_59_dnsmasq"
},
{
"trust": 1.1,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-005.txt"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commit%3bh=3d4ff1ba8419546490b464418223132529514033"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14491"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14492"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14493"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14494"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14495"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14496"
},
{
"trust": 0.9,
"url": "http://www.thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14491.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14492.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14493.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14494.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14495.py"
},
{
"trust": 0.9,
"url": "https://github.com/kubernetes/kubernetes/blob/master/changelog.md"
},
{
"trust": 0.9,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2017\u0026m=slackware-security.601472"
},
{
"trust": 0.9,
"url": "https://source.android.com/security/bulletin/2017-10-01"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495410"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495411"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495412"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495415"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495416"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495510"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-13704"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14496.py"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-332-01"
},
{
"trust": 0.8,
"url": "https://www.ruckuswireless.com/security"
},
{
"trust": 0.8,
"url": "https://www.zyxel.com/support/announcement_dnsmasq_vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14493"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93453933/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14491"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14494"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14492"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409bug1495409"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14496"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14495"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409 bug 1495409"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://github.com/pupiles/bof-dnsmasq-cve-2017-14493"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55496"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1741262"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3430-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.76-5ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.68-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14495"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14491"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14496"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14494"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14493"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008620"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14493"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14493"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008620"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14493"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2017-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14493"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008620"
},
{
"date": "2017-10-03T20:21:00",
"db": "PACKETSTORM",
"id": "144490"
},
{
"date": "2017-10-03T05:19:24",
"db": "PACKETSTORM",
"id": "144484"
},
{
"date": "2018-01-04T17:50:40",
"db": "PACKETSTORM",
"id": "145652"
},
{
"date": "2017-10-02T11:11:00",
"db": "PACKETSTORM",
"id": "144477"
},
{
"date": "2017-10-02T13:13:00",
"db": "PACKETSTORM",
"id": "144469"
},
{
"date": "2017-10-23T13:54:05",
"db": "PACKETSTORM",
"id": "144706"
},
{
"date": "2017-10-03T01:29:02.077000",
"db": "NVD",
"id": "CVE-2017-14493"
},
{
"date": "2017-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14493"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008620"
},
{
"date": "2023-11-07T02:39:01.497000",
"db": "NVD",
"id": "CVE-2017-14493"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "dnsmasq Buffer error vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008620"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
],
"trust": 1.4
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-745"
}
],
"trust": 0.6
}
}
var-201710-0452
Vulnerability from variot
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains an integer underflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens SCALANCE Products are prone to the following security vulnerabilities: 1. A buffer-overflow vulnerability 2. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device or cause a denial-of-service condition. This BID is being retired as a duplicate of BID 101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: dnsmasq security update Advisory ID: RHSA-2017:2836-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2836 Issue date: 2017-10-02 CVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 =====================================================================
- Summary:
An update for dnsmasq is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
-
A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)
-
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)
-
A stack buffer overflow was found in dnsmasq in the DHCPv6 code. (CVE-2017-14493)
-
An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)
-
A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495)
-
An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496)
Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies 1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code 1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code 1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code 1495415 - CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code 1495416 - CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
aarch64: dnsmasq-2.76-2.el7_4.2.aarch64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm
ppc64: dnsmasq-2.76-2.el7_4.2.ppc64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm
ppc64le: dnsmasq-2.76-2.el7_4.2.ppc64le.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm
s390x: dnsmasq-2.76-2.el7_4.2.s390x.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: dnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm dnsmasq-utils-2.76-2.el7_4.2.aarch64.rpm
ppc64: dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm dnsmasq-utils-2.76-2.el7_4.2.ppc64.rpm
ppc64le: dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm dnsmasq-utils-2.76-2.el7_4.2.ppc64le.rpm
s390x: dnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm dnsmasq-utils-2.76-2.el7_4.2.s390x.rpm
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-14491 https://access.redhat.com/security/cve/CVE-2017-14492 https://access.redhat.com/security/cve/CVE-2017-14493 https://access.redhat.com/security/cve/CVE-2017-14494 https://access.redhat.com/security/cve/CVE-2017-14495 https://access.redhat.com/security/cve/CVE-2017-14496 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3199382
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZ0opYXlSAg2UNWIIRAr0dAJ9rIL1FgNTJUf2I9jjKFFlfkCd/kwCfV+bX SfoCV7+qG2nwqlHKLZOlhIU= =iWfU -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . =========================================================================== Ubuntu Security Notice USN-3430-3 January 04, 2018
dnsmasq regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
USN-3430-2 introduced regression in Dnsmasq.
Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
USN-3430-2 fixed several vulnerabilities. The update introduced a new regression that breaks DNS resolution. This update addresses the problem.
We apologize for the inconvenience.
Original advisory details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14491)
Felix Wilhelm, Fermin J. (CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. (CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: dnsmasq=C2=A02.59-4ubuntu0.4 dnsmasq-base2.59-4ubuntu0.4 dnsmasq-utils2.59-4ubuntu0.4
After a standard system update you need to reboot your computer to make all the necessary changes.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/dnsmasq < 2.78 >= 2.78
Description
Multiple vulnerabilities have been discovered in Dnsmasq.
Workaround
There is no known workaround at this time.
Resolution
All Dnsmasq users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.78"
References
[ 1 ] CVE-2017-14491 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491 [ 2 ] CVE-2017-14492 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492 [ 3 ] CVE-2017-14493 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493 [ 4 ] CVE-2017-14494 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494 [ 5 ] CVE-2017-14495 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495 [ 6 ] CVE-2017-14496 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201710-27
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0452",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "7.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "5.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "5.0.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "4.4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "7.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 1.3,
"vendor": "google",
"version": "6.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.1"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "42.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "42.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.04"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "dnsmasq",
"scope": "lte",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.9,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruckus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dnsmasq",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "android",
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 0.8,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "-47.4"
},
{
"model": "scalance w1750d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance m800",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.75"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.72"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.71"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.70"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.65"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.64"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.63"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.62"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.61"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.60"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.59"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.58"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.57"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.56"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.55"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.54"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.53"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.52"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.51"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.50"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.49"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.48"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.47"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.46"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.44"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.43"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.42"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.41"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.40"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.38"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.37"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.36"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.35"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.34"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.33"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.30"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.29"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.28"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.27"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.26"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.25"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.24"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.23"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.22"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.21"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.20"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.19"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.9"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.8"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.3"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.996"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.992"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.98"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.96"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.95"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server for arm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update suppor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.2"
},
{
"model": "enterprise linux server year extended upd",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux long life server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.10"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.3,
"vendor": "fedoraproject",
"version": "27"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-30",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "dnsmasq",
"scope": "ne",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.8"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.7"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.11"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008623"
},
{
"db": "NVD",
"id": "CVE-2017-14496"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-742"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.77",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14496"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team,Felix Wilhelm, Fermin J. Serna",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-742"
}
],
"trust": 0.6
},
"cve": "CVE-2017-14496",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14496",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2017-14496",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14496",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-742",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-14496",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008623"
},
{
"db": "NVD",
"id": "CVE-2017-14496"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains an integer underflow vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens SCALANCE Products are prone to the following security vulnerabilities:\n1. A buffer-overflow vulnerability\n2. Multiple denial-of-service vulnerabilities\nAttackers can exploit these issues to execute arbitrary code within the context of affected device or cause a denial-of-service condition. \nThis BID is being retired as a duplicate of BID 101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: dnsmasq security update\nAdvisory ID: RHSA-2017:2836-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2836\nIssue date: 2017-10-02\nCVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 \n CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 \n=====================================================================\n\n1. Summary:\n\nAn update for dnsmasq is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name\nServer) forwarder and DHCP (Dynamic Host Configuration Protocol) server. \n\nSecurity Fix(es):\n\n* A heap buffer overflow was found in dnsmasq in the code responsible for\nbuilding DNS replies. An attacker could send crafted DNS packets to dnsmasq\nwhich would cause it to crash or, potentially, execute arbitrary code. \n(CVE-2017-14491)\n\n* A heap buffer overflow was discovered in dnsmasq in the IPv6 router\nadvertisement (RA) handling code. This issue only affected\nconfigurations using one of these options: enable-ra, ra-only, slaac,\nra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)\n\n* A stack buffer overflow was found in dnsmasq in the DHCPv6 code. (CVE-2017-14493)\n\n* An information leak was found in dnsmasq in the DHCPv6 relay code. An\nattacker on the local network could send crafted DHCPv6 packets to dnsmasq\ncausing it to forward the contents of process memory, potentially leaking\nsensitive data. (CVE-2017-14494)\n\n* A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An\nattacker could send crafted DNS packets which would trigger memory\nallocations which would never be freed, leading to unbounded memory\nconsumption and eventually a crash. This issue only affected configurations\nusing one of the options: add-mac, add-cpe-id, or add-subnet. \n(CVE-2017-14495)\n\n* An integer underflow flaw leading to a buffer over-read was found in\ndnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to\ndnsmasq which would cause it to crash. This issue only affected\nconfigurations using one of the options: add-mac, add-cpe-id, or\nadd-subnet. (CVE-2017-14496)\n\nRed Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. \nSerna (Google Security Team), Gabriel Campana (Google Security Team), Kevin\nHamacher (Google Security Team), and Ron Bowes (Google Security Team) for\nreporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies\n1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code\n1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code\n1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code\n1495415 - CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code\n1495416 - CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\naarch64:\ndnsmasq-2.76-2.el7_4.2.aarch64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm\n\nppc64:\ndnsmasq-2.76-2.el7_4.2.ppc64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm\n\nppc64le:\ndnsmasq-2.76-2.el7_4.2.ppc64le.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm\n\ns390x:\ndnsmasq-2.76-2.el7_4.2.s390x.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.aarch64.rpm\n\nppc64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.ppc64.rpm\n\nppc64le:\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm\ndnsmasq-utils-2.76-2.el7_4.2.ppc64le.rpm\n\ns390x:\ndnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm\ndnsmasq-utils-2.76-2.el7_4.2.s390x.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-14491\nhttps://access.redhat.com/security/cve/CVE-2017-14492\nhttps://access.redhat.com/security/cve/CVE-2017-14493\nhttps://access.redhat.com/security/cve/CVE-2017-14494\nhttps://access.redhat.com/security/cve/CVE-2017-14495\nhttps://access.redhat.com/security/cve/CVE-2017-14496\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/security/vulnerabilities/3199382\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZ0opYXlSAg2UNWIIRAr0dAJ9rIL1FgNTJUf2I9jjKFFlfkCd/kwCfV+bX\nSfoCV7+qG2nwqlHKLZOlhIU=\n=iWfU\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n===========================================================================\nUbuntu Security Notice USN-3430-3\nJanuary 04, 2018\n\ndnsmasq regression\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nUSN-3430-2 introduced regression in Dnsmasq. \n\nSoftware Description:\n- dnsmasq: Small caching DNS proxy and DHCP/TFTP server\n\nDetails:\n\nUSN-3430-2 fixed several vulnerabilities. The update introduced a new\nregression that breaks DNS resolution. This update addresses the\nproblem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. \n(CVE-2017-14491)\n\nFelix Wilhelm, Fermin J. (CVE-2017-14492)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 requests. \n(CVE-2017-14493)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14495)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14496)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n dnsmasq=C2=A02.59-4ubuntu0.4\n dnsmasq-base2.59-4ubuntu0.4\n dnsmasq-utils2.59-4ubuntu0.4\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/dnsmasq \u003c 2.78 \u003e= 2.78 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Dnsmasq. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Dnsmasq users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.78\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-14491\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491\n[ 2 ] CVE-2017-14492\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492\n[ 3 ] CVE-2017-14493\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493\n[ 4 ] CVE-2017-14494\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494\n[ 5 ] CVE-2017-14495\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495\n[ 6 ] CVE-2017-14496\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201710-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14496"
},
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008623"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "VULMON",
"id": "CVE-2017-14496"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
}
],
"trust": 3.42
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42946",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14496"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2017-14496",
"trust": 3.6
},
{
"db": "BID",
"id": "101085",
"trust": 2.0
},
{
"db": "ICS CERT",
"id": "ICSA-17-332-01",
"trust": 2.0
},
{
"db": "BID",
"id": "101977",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1039474",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-689071",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "42946",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU93453933",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008623",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-742",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-14496",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144490",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144484",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144469",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144706",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14496"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008623"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14496"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-742"
}
]
},
"id": "VAR-201710-0452",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24812031
},
"last_update_date": "2023-12-26T00:11:30.413000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Android Security Bulletin-October 2017",
"trust": 0.8,
"url": "https://source.android.com/security/bulletin/2017-10-01"
},
{
"title": "DSA-3989",
"trust": 0.8,
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"title": "Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for \u201cBlueBorne\u201d and \u201cDnsmasq\u201d.",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"title": "openSUSE-SU-2017:2633",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"title": "RHSA-2017:2836",
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"title": "CHANGELOG",
"trust": 0.8,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"title": "Security fix, CVE-2017-14496, Integer underflow in DNS response creation.",
"trust": 0.8,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7"
},
{
"title": "USN-3430-2",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-2/"
},
{
"title": "USN-3430-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-1/"
},
{
"title": "dnsmasq: Multiple Critical and Important vulnerabilities",
"trust": 0.8,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/10/03/october_android_patches/"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172836 - security advisory"
},
{
"title": "Debian CVElist Bug Report Logs: dnsmasq: CVE-2017-13704: Size parameter overflow via large DNS query",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fa8aad66cae5df51d49e1cdce2fe4a42"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-14496"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-2"
},
{
"title": "Ubuntu Security Notice: dnsmasq regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-3"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-1"
},
{
"title": "Debian Security Advisories: DSA-3989-1 dnsmasq -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c18698ecfe74c7de381531f8ed44dcf"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=7f490a104360d6f65bee18ec7bfa18a3"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1251",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1251"
},
{
"title": "Amazon Linux AMI: ALAS-2017-907",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-907"
},
{
"title": "Arch Linux Advisories: [ASA-201710-1] dnsmasq: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-1"
},
{
"title": "Android Security Bulletins: Android Security Bulletin\u2014October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins\u0026qid=b392dd6315d6fbd5f702d9c6d94af9ba"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
},
{
"title": "Safe libc",
"trust": 0.1,
"url": "https://github.com/introspection-libc/main "
},
{
"title": "What is this?\nHow does it work?\nHow to build the toolchain\nHow to build a program using the safe libc\nAnd in the real world?",
"trust": 0.1,
"url": "https://github.com/pekd/safe-libc "
},
{
"title": "What is this?\nHow does it work?\nHow to build the toolchain\nHow to build a program using the safe libc\nAnd in the real world?",
"trust": 0.1,
"url": "https://github.com/introspection-libc/safe-libc "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14496"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008623"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-191",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008623"
},
{
"db": "NVD",
"id": "CVE-2017-14496"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"trust": 2.8,
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/101085"
},
{
"trust": 2.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"trust": 2.0,
"url": "https://source.android.com/security/bulletin/2017-10-01"
},
{
"trust": 2.0,
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"trust": 2.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-332-01"
},
{
"trust": 1.7,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
},
{
"trust": 1.4,
"url": "http://www.ubuntu.com/usn/usn-3430-1"
},
{
"trust": 1.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14496"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/42946/"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3430-2"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039474"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/101977"
},
{
"trust": 1.1,
"url": "https://www.synology.com/support/security/synology_sa_17_59_dnsmasq"
},
{
"trust": 1.1,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-005.txt"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commit%3bh=897c113fda0886a28a986cc6ba17bb93bd6cb1c7"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14491"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14492"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14493"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14494"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14495"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14496"
},
{
"trust": 0.9,
"url": "http://www.thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14491.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14492.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14493.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14494.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14495.py"
},
{
"trust": 0.9,
"url": "https://github.com/kubernetes/kubernetes/blob/master/changelog.md"
},
{
"trust": 0.9,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2017\u0026m=slackware-security.601472"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495410"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495411"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495412"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495415"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495416"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495510"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-13704"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14496.py"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"trust": 0.8,
"url": "https://www.ruckuswireless.com/security"
},
{
"trust": 0.8,
"url": "https://www.zyxel.com/support/announcement_dnsmasq_vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14496"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93453933/index.html"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409bug1495409"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-332-01"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14491"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14494"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14492"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14493"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14495"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409 bug 1495409"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/191.html"
},
{
"trust": 0.1,
"url": "https://github.com/introspection-libc/main"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/introspection-libc/safe-libc"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.1,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.1,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1741262"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3430-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.76-5ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.68-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14495"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14491"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14496"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14494"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14496"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008623"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14496"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14496"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008623"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14496"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2017-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14496"
},
{
"date": "2017-11-28T00:00:00",
"db": "BID",
"id": "101977"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008623"
},
{
"date": "2017-10-03T20:21:00",
"db": "PACKETSTORM",
"id": "144490"
},
{
"date": "2017-10-03T05:19:24",
"db": "PACKETSTORM",
"id": "144484"
},
{
"date": "2018-01-04T17:50:40",
"db": "PACKETSTORM",
"id": "145652"
},
{
"date": "2017-10-02T13:13:00",
"db": "PACKETSTORM",
"id": "144469"
},
{
"date": "2017-10-23T13:54:05",
"db": "PACKETSTORM",
"id": "144706"
},
{
"date": "2017-10-03T01:29:02.200000",
"db": "NVD",
"id": "CVE-2017-14496"
},
{
"date": "2017-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14496"
},
{
"date": "2019-05-15T17:00:00",
"db": "BID",
"id": "101977"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-11-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008623"
},
{
"date": "2023-11-07T02:39:01.783000",
"db": "NVD",
"id": "CVE-2017-14496"
},
{
"date": "2020-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "101977"
},
{
"db": "BID",
"id": "101085"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dnsmasq contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "digital error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-742"
}
],
"trust": 0.6
}
}
var-201710-1433
Vulnerability from variot
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Multiple Siemens SCALANCE Products are prone to the following security vulnerabilities: 1. A buffer-overflow vulnerability 2. This BID is being retired as a duplicate of BID 101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities. =========================================================================== Ubuntu Security Notice USN-3430-3 January 04, 2018
dnsmasq regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
USN-3430-2 introduced regression in Dnsmasq.
Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
USN-3430-2 fixed several vulnerabilities. The update introduced a new regression that breaks DNS resolution. This update addresses the problem.
We apologize for the inconvenience.
Original advisory details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14491)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled IPv6 router advertisements. (CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. (CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote attacker could use this issue to possibly obtain sensitive memory contents. (CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: dnsmasq=C2=A02.59-4ubuntu0.4 dnsmasq-base2.59-4ubuntu0.4 dnsmasq-utils2.59-4ubuntu0.4
After a standard system update you need to reboot your computer to make all the necessary changes. 6) - i386, x86_64
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: dnsmasq security update Advisory ID: RHSA-2017:2839-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2839 Issue date: 2017-10-02 CVE Names: CVE-2017-14491 =====================================================================
- Summary:
An update for dnsmasq is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco Extended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.2) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.5) - x86_64 Red Hat Enterprise Linux Server TUS (v. 6.6) - x86_64
- Description:
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
- A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. (CVE-2017-14491)
Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies
- Package List:
Red Hat Enterprise Linux HPC Node EUS (v. 6.7):
Source: dnsmasq-2.48-16.el6_7.1.src.rpm
x86_64: dnsmasq-2.48-16.el6_7.1.x86_64.rpm dnsmasq-debuginfo-2.48-16.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):
x86_64: dnsmasq-debuginfo-2.48-16.el6_7.1.x86_64.rpm dnsmasq-utils-2.48-16.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.2):
Source: dnsmasq-2.48-5.el6_2.2.src.rpm
x86_64: dnsmasq-2.48-5.el6_2.2.x86_64.rpm dnsmasq-debuginfo-2.48-5.el6_2.2.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.4):
Source: dnsmasq-2.48-13.el6_4.1.src.rpm
x86_64: dnsmasq-2.48-13.el6_4.1.x86_64.rpm dnsmasq-debuginfo-2.48-13.el6_4.1.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.5):
Source: dnsmasq-2.48-13.el6_5.1.src.rpm
x86_64: dnsmasq-2.48-13.el6_5.1.x86_64.rpm dnsmasq-debuginfo-2.48-13.el6_5.1.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 6.5):
Source: dnsmasq-2.48-13.el6_5.1.src.rpm
x86_64: dnsmasq-2.48-13.el6_5.1.x86_64.rpm dnsmasq-debuginfo-2.48-13.el6_5.1.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 6.6):
Source: dnsmasq-2.48-14.el6_6.1.src.rpm
x86_64: dnsmasq-2.48-14.el6_6.1.x86_64.rpm dnsmasq-debuginfo-2.48-14.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 6.6):
Source: dnsmasq-2.48-14.el6_6.1.src.rpm
x86_64: dnsmasq-2.48-14.el6_6.1.x86_64.rpm dnsmasq-debuginfo-2.48-14.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 6.7):
Source: dnsmasq-2.48-16.el6_7.1.src.rpm
i386: dnsmasq-2.48-16.el6_7.1.i686.rpm dnsmasq-debuginfo-2.48-16.el6_7.1.i686.rpm
ppc64: dnsmasq-2.48-16.el6_7.1.ppc64.rpm dnsmasq-debuginfo-2.48-16.el6_7.1.ppc64.rpm
s390x: dnsmasq-2.48-16.el6_7.1.s390x.rpm dnsmasq-debuginfo-2.48-16.el6_7.1.s390x.rpm
x86_64: dnsmasq-2.48-16.el6_7.1.x86_64.rpm dnsmasq-debuginfo-2.48-16.el6_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.4):
Source: dnsmasq-2.48-13.el6_4.1.src.rpm
x86_64: dnsmasq-debuginfo-2.48-13.el6_4.1.x86_64.rpm dnsmasq-utils-2.48-13.el6_4.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.5):
Source: dnsmasq-2.48-13.el6_5.1.src.rpm
x86_64: dnsmasq-debuginfo-2.48-13.el6_5.1.x86_64.rpm dnsmasq-utils-2.48-13.el6_5.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 6.5):
Source: dnsmasq-2.48-13.el6_5.1.src.rpm
x86_64: dnsmasq-debuginfo-2.48-13.el6_5.1.x86_64.rpm dnsmasq-utils-2.48-13.el6_5.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 6.6):
x86_64: dnsmasq-debuginfo-2.48-14.el6_6.1.x86_64.rpm dnsmasq-utils-2.48-14.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 6.6):
x86_64: dnsmasq-debuginfo-2.48-14.el6_6.1.x86_64.rpm dnsmasq-utils-2.48-14.el6_6.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 6.7):
i386: dnsmasq-debuginfo-2.48-16.el6_7.1.i686.rpm dnsmasq-utils-2.48-16.el6_7.1.i686.rpm
ppc64: dnsmasq-debuginfo-2.48-16.el6_7.1.ppc64.rpm dnsmasq-utils-2.48-16.el6_7.1.ppc64.rpm
s390x: dnsmasq-debuginfo-2.48-16.el6_7.1.s390x.rpm dnsmasq-utils-2.48-16.el6_7.1.s390x.rpm
x86_64: dnsmasq-debuginfo-2.48-16.el6_7.1.x86_64.rpm dnsmasq-utils-2.48-16.el6_7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-14491 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3199382
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZ0nLUXlSAg2UNWIIRAn39AKDCsn16dEmmA7DazjU2IOpWLIFp8QCeODoG 7t7GGwkabW2pC2Wcr35n/G8= =S/6b -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-1433",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.16"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "5.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.1"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.1.9"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.16"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.17"
},
{
"model": "geforce experience",
"scope": "gte",
"trust": 1.0,
"vendor": "nvidia",
"version": "3.0"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.17.8m"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "8.0"
},
{
"model": "ruggedcom rm1224",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "scalance w1750d",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.5.1.5"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "honor v9 play",
"scope": "lt",
"trust": 1.0,
"vendor": "huawei",
"version": "jimmy-al00ac00b135"
},
{
"model": "linux enterprise point of sale",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "12.04"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "scalance m-800",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "dnsmasq",
"scope": "lte",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.3.0"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.0"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "12"
},
{
"model": "eos",
"scope": "gte",
"trust": 1.0,
"vendor": "arista",
"version": "4.18"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.1.0.0"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.0.0"
},
{
"model": "linux for tegra",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "r21.6"
},
{
"model": "geforce experience",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "3.10.0.55"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.4.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "scalance s615",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.0"
},
{
"model": "linux enterprise debuginfo",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "linux enterprise server",
"scope": "eq",
"trust": 1.0,
"vendor": "suse",
"version": "11"
},
{
"model": "linux for tegra",
"scope": "lt",
"trust": 1.0,
"vendor": "nvidia",
"version": "r24.2.2"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.3.1.25"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "router manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "1.1"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.4.4.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.04"
},
{
"model": "eos",
"scope": "lte",
"trust": 1.0,
"vendor": "arista",
"version": "4.15"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "6.0"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "8.1.0.4"
},
{
"model": "eos",
"scope": "lte",
"trust": 1.0,
"vendor": "arista",
"version": "4.18.4.2f"
},
{
"model": "arubaos",
"scope": "gte",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.3.1"
},
{
"model": "diskstation manager",
"scope": "eq",
"trust": 1.0,
"vendor": "synology",
"version": "6.1"
},
{
"model": "eos",
"scope": "lt",
"trust": 1.0,
"vendor": "arista",
"version": "4.16.13m"
},
{
"model": "arubaos",
"scope": "lt",
"trust": 1.0,
"vendor": "arubanetworks",
"version": "6.5.3.3"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruckus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dnsmasq",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "red hat enterprise linux server",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "red hat enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "\u30ec\u30c3\u30c9\u30cf\u30c3\u30c8",
"version": null
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "dnsmasq",
"scope": null,
"trust": 0.8,
"vendor": "thekelleys",
"version": null
},
{
"model": "scalance w1750d",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance s615",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
},
{
"model": "scalance m800",
"scope": "eq",
"trust": 0.3,
"vendor": "siemens",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.77",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r21.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:jetson_tk1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "r24.2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.10.0.55",
"versionStartIncluding": "3.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:huawei:honor_v9_play_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "jimmy-al00ac00b135",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.18.4.2f",
"versionStartIncluding": "4.18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.17.8m",
"versionStartIncluding": "4.17",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.16.13m",
"versionStartIncluding": "4.16",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:ruggedcom_rm1224:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.1.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.1.0.4",
"versionStartIncluding": "8.1.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.4.2",
"versionStartIncluding": "6.5.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.3.3",
"versionStartIncluding": "6.5.3.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.5.1.9",
"versionStartIncluding": "6.5.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.4.4.16",
"versionStartIncluding": "6.4.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.3.1.25",
"versionStartIncluding": "6.3.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:synology:router_manager:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "144474"
},
{
"db": "PACKETSTORM",
"id": "144481"
},
{
"db": "PACKETSTORM",
"id": "144482"
},
{
"db": "PACKETSTORM",
"id": "144472"
}
],
"trust": 0.4
},
"cve": "CVE-2017-14491",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14491",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14491",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14491",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-14491",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Exists in a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Multiple Siemens SCALANCE Products are prone to the following security vulnerabilities:\n1. A buffer-overflow vulnerability\n2. \nThis BID is being retired as a duplicate of BID 101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities. \n===========================================================================\nUbuntu Security Notice USN-3430-3\nJanuary 04, 2018\n\ndnsmasq regression\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nUSN-3430-2 introduced regression in Dnsmasq. \n\nSoftware Description:\n- dnsmasq: Small caching DNS proxy and DHCP/TFTP server\n\nDetails:\n\nUSN-3430-2 fixed several vulnerabilities. The update introduced a new\nregression that breaks DNS resolution. This update addresses the\nproblem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. \n(CVE-2017-14491)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled IPv6 router\nadvertisements. (CVE-2017-14492)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 requests. \n(CVE-2017-14493)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 packets. A remote\nattacker could use this issue to possibly obtain sensitive memory\ncontents. (CVE-2017-14494)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. A remote\nattacker could use this issue to cause Dnsmasq to consume memory,\nresulting in a denial of service. (CVE-2017-14495)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14496)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n dnsmasq=C2=A02.59-4ubuntu0.4\n dnsmasq-base2.59-4ubuntu0.4\n dnsmasq-utils2.59-4ubuntu0.4\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 6) - i386, x86_64\n\n3. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: dnsmasq security update\nAdvisory ID: RHSA-2017:2839-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2839\nIssue date: 2017-10-02\nCVE Names: CVE-2017-14491 \n=====================================================================\n\n1. Summary:\n\nAn update for dnsmasq is now available for Red Hat Enterprise Linux 6.2\nAdvanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update\nSupport, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat\nEnterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise\nLinux 6.6 Advanced Update Support, Red Hat Enterprise Linux 6.6 Telco\nExtended Update Support, and Red Hat Enterprise Linux 6.7 Extended Update\nSupport. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.7) - x86_64\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.7) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.2) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server AUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 6.7) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 6.7) - i386, ppc64, s390x, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 6.6) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 6.5) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 6.6) - x86_64\n\n3. Description:\n\nThe dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name\nServer) forwarder and DHCP (Dynamic Host Configuration Protocol) server. \n\nSecurity Fix(es):\n\n* A heap buffer overflow was found in dnsmasq in the code responsible for\nbuilding DNS replies. \n(CVE-2017-14491)\n\nRed Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. \nSerna (Google Security Team), Gabriel Campana (Google Security Team), Kevin\nHamacher (Google Security Team), and Ron Bowes (Google Security Team) for\nreporting this issue. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies\n\n6. Package List:\n\nRed Hat Enterprise Linux HPC Node EUS (v. 6.7):\n\nSource:\ndnsmasq-2.48-16.el6_7.1.src.rpm\n\nx86_64:\ndnsmasq-2.48-16.el6_7.1.x86_64.rpm\ndnsmasq-debuginfo-2.48-16.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux HPC Node Optional EUS (v. 6.7):\n\nx86_64:\ndnsmasq-debuginfo-2.48-16.el6_7.1.x86_64.rpm\ndnsmasq-utils-2.48-16.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.2):\n\nSource:\ndnsmasq-2.48-5.el6_2.2.src.rpm\n\nx86_64:\ndnsmasq-2.48-5.el6_2.2.x86_64.rpm\ndnsmasq-debuginfo-2.48-5.el6_2.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.4):\n\nSource:\ndnsmasq-2.48-13.el6_4.1.src.rpm\n\nx86_64:\ndnsmasq-2.48-13.el6_4.1.x86_64.rpm\ndnsmasq-debuginfo-2.48-13.el6_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.5):\n\nSource:\ndnsmasq-2.48-13.el6_5.1.src.rpm\n\nx86_64:\ndnsmasq-2.48-13.el6_5.1.x86_64.rpm\ndnsmasq-debuginfo-2.48-13.el6_5.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 6.5):\n\nSource:\ndnsmasq-2.48-13.el6_5.1.src.rpm\n\nx86_64:\ndnsmasq-2.48-13.el6_5.1.x86_64.rpm\ndnsmasq-debuginfo-2.48-13.el6_5.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 6.6):\n\nSource:\ndnsmasq-2.48-14.el6_6.1.src.rpm\n\nx86_64:\ndnsmasq-2.48-14.el6_6.1.x86_64.rpm\ndnsmasq-debuginfo-2.48-14.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 6.6):\n\nSource:\ndnsmasq-2.48-14.el6_6.1.src.rpm\n\nx86_64:\ndnsmasq-2.48-14.el6_6.1.x86_64.rpm\ndnsmasq-debuginfo-2.48-14.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 6.7):\n\nSource:\ndnsmasq-2.48-16.el6_7.1.src.rpm\n\ni386:\ndnsmasq-2.48-16.el6_7.1.i686.rpm\ndnsmasq-debuginfo-2.48-16.el6_7.1.i686.rpm\n\nppc64:\ndnsmasq-2.48-16.el6_7.1.ppc64.rpm\ndnsmasq-debuginfo-2.48-16.el6_7.1.ppc64.rpm\n\ns390x:\ndnsmasq-2.48-16.el6_7.1.s390x.rpm\ndnsmasq-debuginfo-2.48-16.el6_7.1.s390x.rpm\n\nx86_64:\ndnsmasq-2.48-16.el6_7.1.x86_64.rpm\ndnsmasq-debuginfo-2.48-16.el6_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.4):\n\nSource:\ndnsmasq-2.48-13.el6_4.1.src.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.48-13.el6_4.1.x86_64.rpm\ndnsmasq-utils-2.48-13.el6_4.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.5):\n\nSource:\ndnsmasq-2.48-13.el6_5.1.src.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.48-13.el6_5.1.x86_64.rpm\ndnsmasq-utils-2.48-13.el6_5.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 6.5):\n\nSource:\ndnsmasq-2.48-13.el6_5.1.src.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.48-13.el6_5.1.x86_64.rpm\ndnsmasq-utils-2.48-13.el6_5.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 6.6):\n\nx86_64:\ndnsmasq-debuginfo-2.48-14.el6_6.1.x86_64.rpm\ndnsmasq-utils-2.48-14.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 6.6):\n\nx86_64:\ndnsmasq-debuginfo-2.48-14.el6_6.1.x86_64.rpm\ndnsmasq-utils-2.48-14.el6_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 6.7):\n\ni386:\ndnsmasq-debuginfo-2.48-16.el6_7.1.i686.rpm\ndnsmasq-utils-2.48-16.el6_7.1.i686.rpm\n\nppc64:\ndnsmasq-debuginfo-2.48-16.el6_7.1.ppc64.rpm\ndnsmasq-utils-2.48-16.el6_7.1.ppc64.rpm\n\ns390x:\ndnsmasq-debuginfo-2.48-16.el6_7.1.s390x.rpm\ndnsmasq-utils-2.48-16.el6_7.1.s390x.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.48-16.el6_7.1.x86_64.rpm\ndnsmasq-utils-2.48-16.el6_7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-14491\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/security/vulnerabilities/3199382\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZ0nLUXlSAg2UNWIIRAn39AKDCsn16dEmmA7DazjU2IOpWLIFp8QCeODoG\n7t7GGwkabW2pC2Wcr35n/G8=\n=S/6b\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14491"
},
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144474"
},
{
"db": "PACKETSTORM",
"id": "144481"
},
{
"db": "PACKETSTORM",
"id": "144482"
},
{
"db": "PACKETSTORM",
"id": "144472"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42941",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14491"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-14491",
"trust": 3.6
},
{
"db": "CERT/CC",
"id": "VU#973527",
"trust": 2.7
},
{
"db": "BID",
"id": "101977",
"trust": 1.4
},
{
"db": "BID",
"id": "101085",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1039474",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-689071",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "144480",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "42941",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-17-332-01",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-24-074-07",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93453933",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU93656033",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618",
"trust": 0.8
},
{
"db": "VULMON",
"id": "CVE-2017-14491",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144490",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144474",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144481",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144482",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144472",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144474"
},
{
"db": "PACKETSTORM",
"id": "144481"
},
{
"db": "PACKETSTORM",
"id": "144482"
},
{
"db": "PACKETSTORM",
"id": "144472"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"id": "VAR-201710-1433",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.466444625
},
"last_update_date": "2024-07-23T19:53:25.247000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple\u00a0Critical\u00a0and\u00a0Important\u00a0vulnerabilities",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-1/"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172838 - security advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172841 - security advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172840 - security advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172839 - security advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172837 - security advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172836 - security advisory"
},
{
"title": "Debian CVElist Bug Report Logs: dnsmasq: CVE-2017-13704: Size parameter overflow via large DNS query",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=fa8aad66cae5df51d49e1cdce2fe4a42"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-14491"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-2"
},
{
"title": "Ubuntu Security Notice: dnsmasq regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-3"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-1"
},
{
"title": "Debian Security Advisories: DSA-3989-1 dnsmasq -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c18698ecfe74c7de381531f8ed44dcf"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=7f490a104360d6f65bee18ec7bfa18a3"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1251",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1251"
},
{
"title": "Arch Linux Advisories: [ASA-201710-1] dnsmasq: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-1"
},
{
"title": "Amazon Linux AMI: ALAS-2017-907",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-907"
},
{
"title": "Oracle VM Server for x86 Bulletins: Oracle VM Server for x86 Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_vm_server_for_x86_bulletins\u0026qid=b1921e7bf61366a1d7f889a7cdefa932"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/suhaad79/aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/calvinkkd/aws-k8s-kkd-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/simonelle/aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/scholzj/aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/bisiman2/aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/honey336/-aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible -1\naws-k8s-kops-ansible\naws-k8s-kops-ansible\naws-k8s-kops-ansible\naws-k8s-kops-ansible",
"trust": 0.1,
"url": "https://github.com/andreadote/aws-k8s-kops-ansible "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/ravitejaadepudi/kopscluster "
},
{
"title": "Kubernetes setup on Amazon AWS using Kops and Ansible",
"trust": 0.1,
"url": "https://github.com/lorerunner/devops_kubenerates_aws "
},
{
"title": "Kaosagnt\u0027s Ansible Everyday Utils",
"trust": 0.1,
"url": "https://github.com/kaosagnt/ansible-everyday "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Buffer error (CWE-119) [NVD evaluation ]",
"trust": 0.8
},
{
"problemtype": " Heap-based buffer overflow (CWE-122) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"trust": 2.0,
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"trust": 1.9,
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"trust": 1.5,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14491"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/errata/rhsa-2017:2838"
},
{
"trust": 1.3,
"url": "http://www.ubuntu.com/usn/usn-3430-1"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/42941/"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2841"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2840"
},
{
"trust": 1.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2839"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3430-2"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3430-3"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039474"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/101085"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/101977"
},
{
"trust": 1.1,
"url": "https://www.synology.com/support/security/synology_sa_17_59_dnsmasq"
},
{
"trust": 1.1,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-005.txt"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4560"
},
{
"trust": 1.1,
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"
},
{
"trust": 1.1,
"url": "https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/144480/dnsmasq-2-byte-heap-based-overflow.html"
},
{
"trust": 1.1,
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"
},
{
"trust": 1.1,
"url": "https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commit%3bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5mmpcjoyppl4b5rby4u425pwg7eetdtd/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/yxrz2w6tv6nlujc5nofbsg6pzsmdtypv/"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527knn34rn2sb6mbjg7cksebwye3tjeb/"
},
{
"trust": 1.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-332-01"
},
{
"trust": 0.8,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
},
{
"trust": 0.8,
"url": "https://www.ruckuswireless.com/security"
},
{
"trust": 0.8,
"url": "https://www.zyxel.com/support/announcement_dnsmasq_vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93453933/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93656033/index.html"
},
{
"trust": 0.8,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-07"
},
{
"trust": 0.4,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2017-14491"
},
{
"trust": 0.3,
"url": "http://subscriber.communications.siemens.com/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14496"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14494"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14492"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14493"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14495"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://github.com/suhaad79/aws-k8s-kops-ansible"
},
{
"trust": 0.1,
"url": "https://github.com/scholzj/aws-k8s-kops-ansible"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1741262"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144474"
},
{
"db": "PACKETSTORM",
"id": "144481"
},
{
"db": "PACKETSTORM",
"id": "144482"
},
{
"db": "PACKETSTORM",
"id": "144472"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"db": "BID",
"id": "101977"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144474"
},
{
"db": "PACKETSTORM",
"id": "144481"
},
{
"db": "PACKETSTORM",
"id": "144482"
},
{
"db": "PACKETSTORM",
"id": "144472"
},
{
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2017-10-04T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"date": "2017-11-28T00:00:00",
"db": "BID",
"id": "101977"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"date": "2017-10-03T20:21:00",
"db": "PACKETSTORM",
"id": "144490"
},
{
"date": "2018-01-04T17:50:40",
"db": "PACKETSTORM",
"id": "145652"
},
{
"date": "2017-10-02T08:55:00",
"db": "PACKETSTORM",
"id": "144474"
},
{
"date": "2017-10-03T05:18:12",
"db": "PACKETSTORM",
"id": "144481"
},
{
"date": "2017-10-03T05:18:27",
"db": "PACKETSTORM",
"id": "144482"
},
{
"date": "2017-10-02T08:33:00",
"db": "PACKETSTORM",
"id": "144472"
},
{
"date": "2017-10-04T01:29:02.870000",
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14491"
},
{
"date": "2019-05-15T17:00:00",
"db": "BID",
"id": "101977"
},
{
"date": "2024-03-22T07:54:00",
"db": "JVNDB",
"id": "JVNDB-2017-008618"
},
{
"date": "2023-11-07T02:39:01.190000",
"db": "NVD",
"id": "CVE-2017-14491"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "101977"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dnsmasq contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "overflow, arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "144474"
},
{
"db": "PACKETSTORM",
"id": "144481"
},
{
"db": "PACKETSTORM",
"id": "144482"
},
{
"db": "PACKETSTORM",
"id": "144472"
}
],
"trust": 0.4
}
}
var-201710-0450
Vulnerability from variot
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains an information disclosure vulnerability.Information may be obtained. Attackers can exploit these issues to execute arbitrary code within the context of the affected application, bypass the ASLR, gain sensitive information, or cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: dnsmasq security update Advisory ID: RHSA-2017:2836-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2017:2836 Issue date: 2017-10-02 CVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 =====================================================================
- Summary:
An update for dnsmasq is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
-
A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. (CVE-2017-14491)
-
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)
-
A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. (CVE-2017-14493)
-
An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. (CVE-2017-14494)
-
A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14495)
-
An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. (CVE-2017-14496)
Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting these issues.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies 1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code 1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code 1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code 1495415 - CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code 1495416 - CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
aarch64: dnsmasq-2.76-2.el7_4.2.aarch64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm
ppc64: dnsmasq-2.76-2.el7_4.2.ppc64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm
ppc64le: dnsmasq-2.76-2.el7_4.2.ppc64le.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm
s390x: dnsmasq-2.76-2.el7_4.2.s390x.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
aarch64: dnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm dnsmasq-utils-2.76-2.el7_4.2.aarch64.rpm
ppc64: dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm dnsmasq-utils-2.76-2.el7_4.2.ppc64.rpm
ppc64le: dnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm dnsmasq-utils-2.76-2.el7_4.2.ppc64le.rpm
s390x: dnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm dnsmasq-utils-2.76-2.el7_4.2.s390x.rpm
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: dnsmasq-2.76-2.el7_4.2.src.rpm
x86_64: dnsmasq-2.76-2.el7_4.2.x86_64.rpm dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: dnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm dnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2017-14491 https://access.redhat.com/security/cve/CVE-2017-14492 https://access.redhat.com/security/cve/CVE-2017-14493 https://access.redhat.com/security/cve/CVE-2017-14494 https://access.redhat.com/security/cve/CVE-2017-14495 https://access.redhat.com/security/cve/CVE-2017-14496 https://access.redhat.com/security/updates/classification/#critical https://access.redhat.com/security/vulnerabilities/3199382
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2017 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iD8DBQFZ0opYXlSAg2UNWIIRAr0dAJ9rIL1FgNTJUf2I9jjKFFlfkCd/kwCfV+bX SfoCV7+qG2nwqlHKLZOlhIU= =iWfU -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . =========================================================================== Ubuntu Security Notice USN-3430-3 January 04, 2018
dnsmasq regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
USN-3430-2 introduced regression in Dnsmasq.
Software Description: - dnsmasq: Small caching DNS proxy and DHCP/TFTP server
Details:
USN-3430-2 fixed several vulnerabilities. The update introduced a new regression that breaks DNS resolution. This update addresses the problem.
We apologize for the inconvenience.
Original advisory details:
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. (CVE-2017-14491)
Felix Wilhelm, Fermin J. (CVE-2017-14492)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 requests. (CVE-2017-14493)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to consume memory, resulting in a denial of service. (CVE-2017-14495)
Felix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher discovered that Dnsmasq incorrectly handled DNS requests. A remote attacker could use this issue to cause Dnsmasq to crash, resulting in a denial of service. (CVE-2017-14496)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: dnsmasq=C2=A02.59-4ubuntu0.4 dnsmasq-base2.59-4ubuntu0.4 dnsmasq-utils2.59-4ubuntu0.4
After a standard system update you need to reboot your computer to make all the necessary changes. 7.3) - ppc64, ppc64le, s390x, x86_64
-
Gentoo Linux Security Advisory GLSA 201710-27
https://security.gentoo.org/
Severity: Normal Title: Dnsmasq: Multiple vulnerabilities Date: October 23, 2017 Bugs: #632692 ID: 201710-27
Synopsis
Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-dns/dnsmasq < 2.78 >= 2.78
Description
Multiple vulnerabilities have been discovered in Dnsmasq.
Workaround
There is no known workaround at this time.
Resolution
All Dnsmasq users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.78"
References
[ 1 ] CVE-2017-14491 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491 [ 2 ] CVE-2017-14492 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492 [ 3 ] CVE-2017-14493 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493 [ 4 ] CVE-2017-14494 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494 [ 5 ] CVE-2017-14495 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495 [ 6 ] CVE-2017-14496 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201710-27
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0450",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "16.04"
},
{
"model": "dnsmasq",
"scope": "lte",
"trust": 1.0,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.0"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "17.04"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "7.1"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "42.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "leap",
"scope": "eq",
"trust": 1.0,
"vendor": "novell",
"version": "42.2"
},
{
"model": "ubuntu linux",
"scope": "eq",
"trust": 1.0,
"vendor": "canonical",
"version": "14.04"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "7.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.9,
"vendor": "thekelleys",
"version": "2.77"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ruckus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dnsmasq",
"version": null
},
{
"model": "ubuntu",
"scope": null,
"trust": 0.8,
"vendor": "canonical",
"version": null
},
{
"model": "gnu/linux",
"scope": null,
"trust": 0.8,
"vendor": "debian",
"version": null
},
{
"model": "leap",
"scope": null,
"trust": 0.8,
"vendor": "opensuse",
"version": null
},
{
"model": "dnsmasq",
"scope": "lt",
"trust": 0.8,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "enterprise linux desktop",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux workstation",
"scope": null,
"trust": 0.8,
"vendor": "red hat",
"version": null
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.6,
"vendor": "redhat",
"version": "-47.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "17.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "16.04"
},
{
"model": "linux lts",
"scope": "eq",
"trust": 0.3,
"vendor": "ubuntu",
"version": "14.04"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.75"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.72"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.71"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.70"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.65"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.64"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.63"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.62"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.61"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.60"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.59"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.58"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.57"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.56"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.55"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.54"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.53"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.52"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.51"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.50"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.49"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.48"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.47"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.46"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.45"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.44"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.43"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.42"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.41"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.40"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.38"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.37"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.36"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.35"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.34"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.33"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.30"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.29"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.28"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.27"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.26"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.25"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.24"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.23"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.22"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.21"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.20"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.2"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.19"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.9"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.8"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.4"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.3"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.18"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.17"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.16"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.15"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.14"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.13"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.12"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.11"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.10"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "1.0"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.996"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.992"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.98"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.96"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.95"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.7"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.6"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.5"
},
{
"model": "dnsmasq",
"scope": "eq",
"trust": 0.3,
"vendor": "thekelleys",
"version": "0.4"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.2"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "14.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.37"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "slackware",
"version": "13.0"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server optional aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server for arm",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux server eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.6"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.5"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server extended update suppor",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux server year extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.2"
},
{
"model": "enterprise linux server year extended upd",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-47.3"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5"
},
{
"model": "enterprise linux long life server",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "5.9"
},
{
"model": "enterprise linux hpc node optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux hpc node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux for scientific computing",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update supp",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power little endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for power big endian",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power little endian extended update suppo",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for power big endian extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.4"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.3"
},
{
"model": "enterprise linux for ibm z systems extended update support",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "-7.2"
},
{
"model": "enterprise linux for ibm z systems",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.4"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux eus compute node",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux desktop optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux desktop",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "6"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode optional eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode optional",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.3"
},
{
"model": "enterprise linux computenode eus",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7.2"
},
{
"model": "enterprise linux computenode",
"scope": "eq",
"trust": 0.3,
"vendor": "redhat",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "7"
},
{
"model": "linux",
"scope": "eq",
"trust": 0.3,
"vendor": "oracle",
"version": "6"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.3"
},
{
"model": "leap",
"scope": "eq",
"trust": 0.3,
"vendor": "opensuse",
"version": "42.2"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.10"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.7"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5"
},
{
"model": "kubernetes",
"scope": "eq",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.1.1"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "5.0.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "4.4.4"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "8.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.1.2"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "7.0"
},
{
"model": "android",
"scope": "eq",
"trust": 0.3,
"vendor": "google",
"version": "6.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 0.3,
"vendor": "fedoraproject",
"version": "27"
},
{
"model": "linux sparc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux s/390",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux powerpc",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux mips",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-32",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux ia-30",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux arm",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "linux amd64",
"scope": "eq",
"trust": 0.3,
"vendor": "debian",
"version": "6.0"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "7"
},
{
"model": "centos",
"scope": "eq",
"trust": 0.3,
"vendor": "centos",
"version": "6"
},
{
"model": "dnsmasq",
"scope": "ne",
"trust": 0.3,
"vendor": "thekelleys",
"version": "2.78"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.8"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.7.7"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.6.11"
},
{
"model": "kubernetes",
"scope": "ne",
"trust": 0.3,
"vendor": "kubernetes",
"version": "1.5.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008621"
},
{
"db": "NVD",
"id": "CVE-2017-14494"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-744"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:novell:leap:42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.77",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14494"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team,Felix Wilhelm, Fermin J. Serna",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-744"
}
],
"trust": 0.6
},
"cve": "CVE-2017-14494",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-14494",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-14494",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-14494",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-744",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-14494",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14494"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008621"
},
{
"db": "NVD",
"id": "CVE-2017-14494"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-744"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains an information disclosure vulnerability.Information may be obtained. \nAttackers can exploit these issues to execute arbitrary code within the context of the affected application, bypass the ASLR, gain sensitive information, or cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: dnsmasq security update\nAdvisory ID: RHSA-2017:2836-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2017:2836\nIssue date: 2017-10-02\nCVE Names: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 \n CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 \n=====================================================================\n\n1. Summary:\n\nAn update for dnsmasq is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Critical. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - aarch64, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nThe dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name\nServer) forwarder and DHCP (Dynamic Host Configuration Protocol) server. \n\nSecurity Fix(es):\n\n* A heap buffer overflow was found in dnsmasq in the code responsible for\nbuilding DNS replies. An attacker could send crafted DNS packets to dnsmasq\nwhich would cause it to crash or, potentially, execute arbitrary code. \n(CVE-2017-14491)\n\n* A heap buffer overflow was discovered in dnsmasq in the IPv6 router\nadvertisement (RA) handling code. An attacker on the local network segment\ncould send crafted RAs to dnsmasq which would cause it to crash or,\npotentially, execute arbitrary code. This issue only affected\nconfigurations using one of these options: enable-ra, ra-only, slaac,\nra-names, ra-advrouter, or ra-stateless. (CVE-2017-14492)\n\n* A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An\nattacker on the local network could send a crafted DHCPv6 request to\ndnsmasq which would cause it to a crash or, potentially, execute arbitrary\ncode. (CVE-2017-14493)\n\n* An information leak was found in dnsmasq in the DHCPv6 relay code. An\nattacker on the local network could send crafted DHCPv6 packets to dnsmasq\ncausing it to forward the contents of process memory, potentially leaking\nsensitive data. (CVE-2017-14494)\n\n* A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An\nattacker could send crafted DNS packets which would trigger memory\nallocations which would never be freed, leading to unbounded memory\nconsumption and eventually a crash. This issue only affected configurations\nusing one of the options: add-mac, add-cpe-id, or add-subnet. \n(CVE-2017-14495)\n\n* An integer underflow flaw leading to a buffer over-read was found in\ndnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to\ndnsmasq which would cause it to crash. This issue only affected\nconfigurations using one of the options: add-mac, add-cpe-id, or\nadd-subnet. (CVE-2017-14496)\n\nRed Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. \nSerna (Google Security Team), Gabriel Campana (Google Security Team), Kevin\nHamacher (Google Security Team), and Ron Bowes (Google Security Team) for\nreporting these issues. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1495409 - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies\n1495410 - CVE-2017-14492 dnsmasq: heap overflow in the IPv6 router advertisement code\n1495411 - CVE-2017-14493 dnsmasq: stack buffer overflow in the DHCPv6 code\n1495412 - CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code\n1495415 - CVE-2017-14495 dnsmasq: memory exhaustion vulnerability in the EDNS0 code\n1495416 - CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code\n\n6. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\naarch64:\ndnsmasq-2.76-2.el7_4.2.aarch64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm\n\nppc64:\ndnsmasq-2.76-2.el7_4.2.ppc64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm\n\nppc64le:\ndnsmasq-2.76-2.el7_4.2.ppc64le.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm\n\ns390x:\ndnsmasq-2.76-2.el7_4.2.s390x.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\naarch64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.aarch64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.aarch64.rpm\n\nppc64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.ppc64.rpm\n\nppc64le:\ndnsmasq-debuginfo-2.76-2.el7_4.2.ppc64le.rpm\ndnsmasq-utils-2.76-2.el7_4.2.ppc64le.rpm\n\ns390x:\ndnsmasq-debuginfo-2.76-2.el7_4.2.s390x.rpm\ndnsmasq-utils-2.76-2.el7_4.2.s390x.rpm\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\ndnsmasq-2.76-2.el7_4.2.src.rpm\n\nx86_64:\ndnsmasq-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\ndnsmasq-debuginfo-2.76-2.el7_4.2.x86_64.rpm\ndnsmasq-utils-2.76-2.el7_4.2.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2017-14491\nhttps://access.redhat.com/security/cve/CVE-2017-14492\nhttps://access.redhat.com/security/cve/CVE-2017-14493\nhttps://access.redhat.com/security/cve/CVE-2017-14494\nhttps://access.redhat.com/security/cve/CVE-2017-14495\nhttps://access.redhat.com/security/cve/CVE-2017-14496\nhttps://access.redhat.com/security/updates/classification/#critical\nhttps://access.redhat.com/security/vulnerabilities/3199382\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2017 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niD8DBQFZ0opYXlSAg2UNWIIRAr0dAJ9rIL1FgNTJUf2I9jjKFFlfkCd/kwCfV+bX\nSfoCV7+qG2nwqlHKLZOlhIU=\n=iWfU\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n===========================================================================\nUbuntu Security Notice USN-3430-3\nJanuary 04, 2018\n\ndnsmasq regression\n===========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nUSN-3430-2 introduced regression in Dnsmasq. \n\nSoftware Description:\n- dnsmasq: Small caching DNS proxy and DHCP/TFTP server\n\nDetails:\n\nUSN-3430-2 fixed several vulnerabilities. The update introduced a new\nregression that breaks DNS resolution. This update addresses the\nproblem. \n\nWe apologize for the inconvenience. \n\nOriginal advisory details:\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. \n(CVE-2017-14491)\n\nFelix Wilhelm, Fermin J. (CVE-2017-14492)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 requests. \n(CVE-2017-14493)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DHCPv6 packets. (CVE-2017-14494)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. A remote\nattacker could use this issue to cause Dnsmasq to consume memory,\nresulting in a denial of service. (CVE-2017-14495)\n\nFelix Wilhelm, Fermin J. Serna, Gabriel Campana and Kevin Hamacher\ndiscovered that Dnsmasq incorrectly handled DNS requests. A remote\nattacker could use this issue to cause Dnsmasq to crash, resulting in\na denial of service. (CVE-2017-14496)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n dnsmasq=C2=A02.59-4ubuntu0.4\n dnsmasq-base2.59-4ubuntu0.4\n dnsmasq-utils2.59-4ubuntu0.4\n\nAfter a standard system update you need to reboot your computer to make\nall the necessary changes. 7.3) - ppc64, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201710-27\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Dnsmasq: Multiple vulnerabilities\n Date: October 23, 2017\n Bugs: #632692\n ID: 201710-27\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Dnsmasq, the worst of which\nmay allow remote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-dns/dnsmasq \u003c 2.78 \u003e= 2.78 \n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Dnsmasq. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Dnsmasq users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.78\"\n\nReferences\n==========\n\n[ 1 ] CVE-2017-14491\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14491\n[ 2 ] CVE-2017-14492\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14492\n[ 3 ] CVE-2017-14493\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14493\n[ 4 ] CVE-2017-14494\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14494\n[ 5 ] CVE-2017-14495\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14495\n[ 6 ] CVE-2017-14496\n https://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-14496\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201710-27\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2017 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-14494"
},
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008621"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "VULMON",
"id": "CVE-2017-14494"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=42944",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14494"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2017-14494",
"trust": 3.4
},
{
"db": "BID",
"id": "101085",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1039474",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "42944",
"trust": 1.1
},
{
"db": "ICS CERT",
"id": "ICSA-17-332-01",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU93453933",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008621",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-744",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-14494",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144490",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144484",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "145652",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144477",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144469",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "144706",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14494"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008621"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14494"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-744"
}
]
},
"id": "VAR-201710-0450",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.24812031
},
"last_update_date": "2023-12-26T00:11:30.615000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "DSA-3989",
"trust": 0.8,
"url": "https://www.debian.org/security/2017/dsa-3989"
},
{
"title": "Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for \u201cBlueBorne\u201d and \u201cDnsmasq\u201d.",
"trust": 0.8,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"title": "openSUSE-SU-2017:2633",
"trust": 0.8,
"url": "https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"title": "RHSA-2017:2836",
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"title": "RHSA-2017:2837",
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"title": "CHANGELOG",
"trust": 0.8,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"title": "Security fix, CVE-2017-14494, Infoleak handling DHCPv6 forwarded requests.",
"trust": 0.8,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262"
},
{
"title": "USN-3430-2",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-2/"
},
{
"title": "USN-3430-1",
"trust": 0.8,
"url": "https://usn.ubuntu.com/usn/usn-3430-1/"
},
{
"title": "dnsmasq: Multiple Critical and Important vulnerabilities",
"trust": 0.8,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"title": "Dnsmasq Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92840"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172837 - security advisory"
},
{
"title": "Red Hat: Critical: dnsmasq security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20172836 - security advisory"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2017-14494"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-2"
},
{
"title": "Ubuntu Security Notice: dnsmasq regression",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-3"
},
{
"title": "Ubuntu Security Notice: dnsmasq vulnerabilities",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3430-1"
},
{
"title": "Debian Security Advisories: DSA-3989-1 dnsmasq -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=5c18698ecfe74c7de381531f8ed44dcf"
},
{
"title": "Amazon Linux 2: ALAS2-2019-1251",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1251"
},
{
"title": "Amazon Linux AMI: ALAS-2017-907",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2017-907"
},
{
"title": "Arch Linux Advisories: [ASA-201710-1] dnsmasq: multiple issues",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories\u0026qid=asa-201710-1"
},
{
"title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=6283337cd31f81f24d445925f2138c0e"
},
{
"title": "Oracle Linux Bulletins: Oracle Linux Bulletin - October 2017",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=oracle_linux_bulletins\u0026qid=7251d5e5f2b1771951980ad7cfde50ba"
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/lnick2023/nicenice "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "Awesome CVE PoC",
"trust": 0.1,
"url": "https://github.com/qazbnm456/awesome-cve-poc "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2017-14494"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008621"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-744"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008621"
},
{
"db": "NVD",
"id": "CVE-2017-14494"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.kb.cert.org/vuls/id/973527"
},
{
"trust": 2.8,
"url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/101085"
},
{
"trust": 2.2,
"url": "https://access.redhat.com/errata/rhsa-2017:2837"
},
{
"trust": 2.1,
"url": "https://access.redhat.com/errata/rhsa-2017:2836"
},
{
"trust": 2.0,
"url": "http://www.debian.org/security/2017/dsa-3989"
},
{
"trust": 1.7,
"url": "http://www.thekelleys.org.uk/dnsmasq/doc.html"
},
{
"trust": 1.4,
"url": "http://www.ubuntu.com/usn/usn-3430-1"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14494"
},
{
"trust": 1.3,
"url": "https://access.redhat.com/security/vulnerabilities/3199382"
},
{
"trust": 1.2,
"url": "https://www.exploit-db.com/exploits/42944/"
},
{
"trust": 1.2,
"url": "http://www.ubuntu.com/usn/usn-3430-2"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/201710-27"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1039474"
},
{
"trust": 1.1,
"url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"
},
{
"trust": 1.1,
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"
},
{
"trust": 1.1,
"url": "https://www.synology.com/support/security/synology_sa_17_59_dnsmasq"
},
{
"trust": 1.1,
"url": "http://www.arubanetworks.com/assets/alert/aruba-psa-2017-005.txt"
},
{
"trust": 1.1,
"url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commit%3bh=33e3f1029c9ec6c63e430ff51063a6301d4b2262"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"
},
{
"trust": 1.1,
"url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14491"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14492"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14493"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2017-14494"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14495"
},
{
"trust": 1.0,
"url": "https://access.redhat.com/security/cve/cve-2017-14496"
},
{
"trust": 0.9,
"url": "http://www.thekelleys.org.uk/dnsmasq/changelog"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14491.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14492.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14493.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14494.py"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14495.py"
},
{
"trust": 0.9,
"url": "https://github.com/kubernetes/kubernetes/blob/master/changelog.md"
},
{
"trust": 0.9,
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2017\u0026m=slackware-security.601472"
},
{
"trust": 0.9,
"url": "https://source.android.com/security/bulletin/2017-10-01"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495410"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495411"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495412"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495415"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495416"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495510"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2017-13704"
},
{
"trust": 0.9,
"url": "https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14496.py"
},
{
"trust": 0.9,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-332-01"
},
{
"trust": 0.8,
"url": "https://www.ruckuswireless.com/security"
},
{
"trust": 0.8,
"url": "https://www.zyxel.com/support/announcement_dnsmasq_vulnerabilities.shtml"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14494"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93453933/index.html"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14491"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14492"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14493"
},
{
"trust": 0.6,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409bug1495409"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14496"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14495"
},
{
"trust": 0.3,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495409 bug 1495409"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://tools.cisco.com/security/center/viewalert.x?alertid=55497"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://usn.ubuntu.com/3430-2/"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1741262"
},
{
"trust": 0.1,
"url": "https://www.ubuntu.com/usn/usn-3430-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.76-5ubuntu0.1"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.75-1ubuntu0.16.04.3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/dnsmasq/2.68-1ubuntu0.2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14495"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14493"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14492"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14491"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14496"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/nvd.cfm?cvename=cve-2017-14494"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14494"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008621"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14494"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-744"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#973527"
},
{
"db": "VULMON",
"id": "CVE-2017-14494"
},
{
"db": "BID",
"id": "101085"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008621"
},
{
"db": "PACKETSTORM",
"id": "144490"
},
{
"db": "PACKETSTORM",
"id": "144484"
},
{
"db": "PACKETSTORM",
"id": "145652"
},
{
"db": "PACKETSTORM",
"id": "144477"
},
{
"db": "PACKETSTORM",
"id": "144469"
},
{
"db": "PACKETSTORM",
"id": "144706"
},
{
"db": "NVD",
"id": "CVE-2017-14494"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-744"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2017-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14494"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008621"
},
{
"date": "2017-10-03T20:21:00",
"db": "PACKETSTORM",
"id": "144490"
},
{
"date": "2017-10-03T05:19:24",
"db": "PACKETSTORM",
"id": "144484"
},
{
"date": "2018-01-04T17:50:40",
"db": "PACKETSTORM",
"id": "145652"
},
{
"date": "2017-10-02T11:11:00",
"db": "PACKETSTORM",
"id": "144477"
},
{
"date": "2017-10-02T13:13:00",
"db": "PACKETSTORM",
"id": "144469"
},
{
"date": "2017-10-23T13:54:05",
"db": "PACKETSTORM",
"id": "144706"
},
{
"date": "2017-10-03T01:29:02.107000",
"db": "NVD",
"id": "CVE-2017-14494"
},
{
"date": "2017-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-744"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-02T00:00:00",
"db": "CERT/CC",
"id": "VU#973527"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2017-14494"
},
{
"date": "2017-10-02T00:00:00",
"db": "BID",
"id": "101085"
},
{
"date": "2017-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008621"
},
{
"date": "2023-11-07T02:39:01.600000",
"db": "NVD",
"id": "CVE-2017-14494"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-744"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-744"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dnsmasq contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#973527"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-744"
}
],
"trust": 0.6
}
}