CVE-2019-11252

Summary

The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetes1.16affected
KubernetesKubernetes1.17affected
KubernetesKubernetes1.6affected
KubernetesKubernetes1.7affected
KubernetesKubernetes1.8affected
KubernetesKubernetes1.9affected
KubernetesKubernetes1.10affected
KubernetesKubernetes1.11affected
KubernetesKubernetes1.12affected
KubernetesKubernetes1.13affected
KubernetesKubernetes1.14affected
KubernetesKubernetes1.15affected

Weaknesses

  • CWE-209: CWE-209 Information Exposure Through an Error Message

ADP Enrichment

CVE Program Container

Additional References

References