CVE-2019-11247

{"id": "CVE-2019-11247", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "jordan@liggitt.net", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.0, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2019-08-29T01:15:11.287", "references": [{"url": "https://access.redhat.com/errata/RHBA-2019:2816", "tags": ["Third Party Advisory"], "source": "jordan@liggitt.net"}, {"url": "https://access.redhat.com/errata/RHBA-2019:2824", "tags": ["Third Party Advisory"], "source": "jordan@liggitt.net"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2690", "tags": ["Third Party Advisory"], "source": "jordan@liggitt.net"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2769", "tags": ["Third Party Advisory"], "source": "jordan@liggitt.net"}, {"url": "https://github.com/kubernetes/kubernetes/issues/80983", "tags": ["Third Party Advisory"], "source": "jordan@liggitt.net"}, {"url": "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ", "tags": ["Third Party Advisory"], "source": "jordan@liggitt.net"}, {"url": "https://security.netapp.com/advisory/ntap-20190919-0003/", "tags": ["Third Party Advisory"], "source": "jordan@liggitt.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "jordan@liggitt.net", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The Kubernetes kube-apiserver mistakenly allows access to a cluster-scoped custom resource if the request is made as if the resource were namespaced. Authorizations for the resource accessed in this manner are enforced using roles and role bindings within the namespace, meaning that a user with access only to a resource in one namespace could create, view update or delete the cluster-scoped resource (according to their namespace role privileges). Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.7, 1.8, 1.9, 1.10, 1.11, 1.12."}, {"lang": "es", "value": "El kube-apiserver de Kubernetes permite por error el acceso a un recurso personalizado de \u00e1mbito de cl\u00faster si la solicitud se realiza como si el recurso estuviera con espacio de nombres. Las autorizaciones para el recurso al que se tiene acceso de esta manera se aplican mediante roles y enlaces de roles dentro del espacio de nombres, lo que significa que un usuario con acceso solo a un recurso en un espacio de nombres podr\u00eda crear, ver actualizar o eliminar el recurso de \u00e1mbito de cl\u00faster (seg\u00fan sus privilegios de rol de espacio de nombres). Las versiones afectadas de Kubernetes incluyen versiones anteriores a 1.13.9, versiones anteriores a 1.14.5, versiones anteriores a 1.15.2 y versiones 1.7, 1.8, 1.9, 1.10, 1.11, 1.12."}], "lastModified": "2020-10-02T16:21:57.087", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A582FE75-D84B-4C8F-B836-95FB15F68EBA", "versionEndIncluding": "1.12.10", "versionStartIncluding": "1.7.0"}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14126DA1-4F03-43D3-BD14-0BE06EC8F4E5", "versionEndExcluding": "1.13.9", "versionStartIncluding": "1.13.0"}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E10D117F-F0C4-4355-98E3-BB4A401258DE", "versionEndExcluding": "1.14.5", "versionStartIncluding": "1.14.0"}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2BECD4DB-0E6B-4C4A-B714-F6E4724BD0F6", "versionEndExcluding": "1.15.2", "versionStartIncluding": "1.15.0"}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.12.11:beta0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EAFE32A-5295-4A4B-9EC1-A1DB3CAE3DC8"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "309CB6F8-F178-454C-BE97-787F78647C28"}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DBCD38F-BBE8-488C-A8C3-5782F191D915"}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B"}], "operator": "OR"}]}], "sourceIdentifier": "jordan@liggitt.net"}