Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1NzUtcGdobS02cXF4
Kubernetes Unsafe Cacheing
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1NzUtcGdobS02cXF4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 8 months ago
CVSS Score: 5.0
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
Identifiers: GHSA-2575-pghm-6qqx, CVE-2019-11244
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-11244
- https://github.com/kubernetes/kubernetes/issues/76676
- https://github.com/kubernetes/kubernetes/pull/77874
- https://github.com/kubernetes/kubernetes/pull/77874/commits/f228ae3364729caed59087e23c42868454bc3ff4
- https://github.com/kubernetes/client-go/commit/790a4f63632139cf6731014d00a9a8338f1fbd7d
- https://access.redhat.com/errata/RHSA-2019:3942
- https://access.redhat.com/errata/RHSA-2020:0020
- https://access.redhat.com/errata/RHSA-2020:0074
- https://security.netapp.com/advisory/ntap-20190509-0002/
- http://www.securityfocus.com/bid/108064
- https://github.com/advisories/GHSA-2575-pghm-6qqx
Blast Radius: 23.2
Affected Packages
go:k8s.io/client-go
Dependent packages: 26,126Dependent repositories: 44,291
Downloads:
Affected Version Ranges: >= 1.8.0, < 1.12.9
Fixed in: 1.12.9
All affected versions:
All unaffected versions: 0.15.7, 0.15.8, 0.15.9, 0.15.10, 0.15.11, 0.15.12, 0.16.4, 0.16.5, 0.16.6, 0.16.7, 0.16.8, 0.16.9, 0.16.10, 0.16.11, 0.16.12, 0.16.13, 0.16.14, 0.16.15, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.17.5, 0.17.6, 0.17.7, 0.17.8, 0.17.9, 0.17.11, 0.17.12, 0.17.13, 0.17.14, 0.17.15, 0.17.16, 0.17.17, 0.18.0, 0.18.1, 0.18.2, 0.18.3, 0.18.4, 0.18.5, 0.18.6, 0.18.8, 0.18.9, 0.18.10, 0.18.12, 0.18.13, 0.18.14, 0.18.15, 0.18.16, 0.18.17, 0.18.18, 0.18.19, 0.19.0, 0.19.1, 0.19.2, 0.19.3, 0.19.4, 0.19.5, 0.19.6, 0.19.7, 0.19.8, 0.19.9, 0.19.10, 0.19.11, 0.19.12, 0.19.13, 0.19.14, 0.19.15, 0.19.16, 0.20.0, 0.20.1, 0.20.2, 0.20.3, 0.20.4, 0.20.5, 0.20.6, 0.20.7, 0.20.8, 0.20.9, 0.20.10, 0.20.11, 0.20.12, 0.20.13, 0.20.14, 0.20.15, 0.21.0, 0.21.1, 0.21.2, 0.21.3, 0.21.4, 0.21.5, 0.21.6, 0.21.7, 0.21.8, 0.21.9, 0.21.10, 0.21.11, 0.21.12, 0.21.13, 0.21.14, 0.22.0, 0.22.1, 0.22.2, 0.22.3, 0.22.4, 0.22.5, 0.22.6, 0.22.7, 0.22.8, 0.22.9, 0.22.10, 0.22.11, 0.22.12, 0.22.13, 0.22.14, 0.22.15, 0.22.16, 0.22.17, 0.23.0, 0.23.1, 0.23.2, 0.23.3, 0.23.4, 0.23.5, 0.23.6, 0.23.7, 0.23.8, 0.23.9, 0.23.10, 0.23.11, 0.23.12, 0.23.13, 0.23.14, 0.23.15, 0.23.16, 0.23.17, 0.24.0, 0.24.1, 0.24.2, 0.24.3, 0.24.4, 0.24.5, 0.24.6, 0.24.7, 0.24.8, 0.24.9, 0.24.10, 0.24.11, 0.24.12, 0.24.13, 0.24.14, 0.24.15, 0.24.16, 0.24.17, 0.25.0, 0.25.1, 0.25.2, 0.25.3, 0.25.4, 0.25.5, 0.25.6, 0.25.7, 0.25.8, 0.25.9, 0.25.10, 0.25.11, 0.25.12, 0.25.13, 0.25.14, 0.25.15, 0.25.16, 0.26.0, 0.26.1, 0.26.2, 0.26.3, 0.26.4, 0.26.5, 0.26.6, 0.26.7, 0.26.8, 0.26.9, 0.26.10, 0.26.11, 0.26.12, 0.26.13, 0.27.0, 0.27.1, 0.27.2, 0.27.3, 0.27.4, 0.27.5, 0.27.6, 0.27.7, 0.27.8, 0.27.9, 0.27.10, 0.28.0, 0.28.1, 0.28.2, 0.28.3, 0.28.4, 0.28.5, 0.28.6, 0.29.0, 0.29.1, 1.4.0, 1.5.0, 1.5.1, 1.5.2, 2.0.0, 3.0.0, 4.0.0, 5.0.0, 5.0.1, 6.0.0, 7.0.0, 8.0.0, 9.0.0, 10.0.0, 11.0.0