
CVE-2019-11248

Unprotected Primary Channel

Published: Aug 29, 2019 | Modified: Nov 21, 2024

CVSS 3.x (source: NVD): 8.2 HIGH
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
CVSS 2.x: 6.4 MEDIUM
  AV:N/AC:L/Au:N/C:P/I:N/A:P
RedHat/V2: -
RedHat/V3: 6.5 MODERATE
  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Ubuntu: MEDIUM

The Go pprof debugging endpoint, /debug/pprof, is exposed over the Kubelet's unauthenticated healthz port. This endpoint can leak sensitive information such as internal Kubelet memory addresses and configuration, and can be used for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but it is not exposed by the default configuration.

Weakness

The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.

Affected Software

Name        Vendor      Start Version               End Version
Kubernetes  Kubernetes  *                           1.12.10 (excluding)
Kubernetes  Kubernetes  1.13.0 (including)          1.13.0 (including)
Kubernetes  Kubernetes  1.13.0-alpha0 (including)   1.13.0-alpha0 (including)
Kubernetes  Kubernetes  1.13.0-alpha1 (including)   1.13.0-alpha1 (including)
Kubernetes  Kubernetes  1.13.0-alpha2 (including)   1.13.0-alpha2 (including)
Kubernetes  Kubernetes  1.13.0-alpha3 (including)   1.13.0-alpha3 (including)
Kubernetes  Kubernetes  1.13.0-beta0 (including)    1.13.0-beta0 (including)
Kubernetes  Kubernetes  1.13.0-beta1 (including)    1.13.0-beta1 (including)
Kubernetes  Kubernetes  1.13.0-beta2 (including)    1.13.0-beta2 (including)
Kubernetes  Kubernetes  1.13.0-rc1 (including)      1.13.0-rc1 (including)
Kubernetes  Kubernetes  1.13.0-rc2 (including)      1.13.0-rc2 (including)
Kubernetes  Kubernetes  1.13.1 (including)          1.13.1 (including)
Kubernetes  Kubernetes  1.13.1-beta0 (including)    1.13.1-beta0 (including)
Kubernetes  Kubernetes  1.13.2 (including)          1.13.2 (including)
Kubernetes  Kubernetes  1.13.2-beta0 (including)    1.13.2-beta0 (including)
Kubernetes  Kubernetes  1.13.3 (including)          1.13.3 (including)
Kubernetes  Kubernetes  1.13.3-beta0 (including)    1.13.3-beta0 (including)
Kubernetes  Kubernetes  1.13.4 (including)          1.13.4 (including)
Kubernetes  Kubernetes  1.13.4-beta0 (including)    1.13.4-beta0 (including)
Kubernetes  Kubernetes  1.13.5 (including)          1.13.5 (including)
Kubernetes  Kubernetes  1.13.5-beta0 (including)    1.13.5-beta0 (including)
Kubernetes  Kubernetes  1.13.6 (including)          1.13.6 (including)
Kubernetes  Kubernetes  1.13.6-beta0 (including)    1.13.6-beta0 (including)
Kubernetes  Kubernetes  1.13.7 (including)          1.13.7 (including)
Kubernetes  Kubernetes  1.13.7-beta.0 (including)   1.13.7-beta.0 (including)
Kubernetes  Kubernetes  1.13.8-beta.0 (including)   1.13.8-beta.0 (including)
Kubernetes  Kubernetes  1.14.0 (including)          1.14.0 (including)
Kubernetes  Kubernetes  1.14.0-alpha0 (including)   1.14.0-alpha0 (including)
Kubernetes  Kubernetes  1.14.0-alpha1 (including)   1.14.0-alpha1 (including)
Kubernetes  Kubernetes  1.14.0-alpha2 (including)   1.14.0-alpha2 (including)
Kubernetes  Kubernetes  1.14.0-alpha3 (including)   1.14.0-alpha3 (including)
Kubernetes  Kubernetes  1.14.0-beta0 (including)    1.14.0-beta0 (including)
Kubernetes  Kubernetes  1.14.0-beta1 (including)    1.14.0-beta1 (including)
Kubernetes  Kubernetes  1.14.0-beta2 (including)    1.14.0-beta2 (including)
Kubernetes  Kubernetes  1.14.0-rc1 (including)      1.14.0-rc1 (including)
Kubernetes  Kubernetes  1.14.1 (including)          1.14.1 (including)
Kubernetes  Kubernetes  1.14.1-beta0 (including)    1.14.1-beta0 (including)
Kubernetes  Kubernetes  1.14.2 (including)          1.14.2 (including)
Kubernetes  Kubernetes  1.14.2-beta0 (including)    1.14.2-beta0 (including)
Kubernetes  Kubernetes  1.14.3 (including)          1.14.3 (including)
Kubernetes  Kubernetes  1.14.3-beta0 (including)    1.14.3-beta0 (including)
Kubernetes  Kubernetes  1.14.4-beta.0 (including)   1.14.4-beta.0 (including)
Kubernetes  Kubernetes  1.15.0-alpha0 (including)   1.15.0-alpha0 (including)
Kubernetes  Kubernetes  1.15.0-alpha1 (including)   1.15.0-alpha1 (including)
Kubernetes  Kubernetes  1.15.0-alpha2 (including)   1.15.0-alpha2 (including)
Kubernetes  Kubernetes  1.15.0-alpha3 (including)   1.15.0-alpha3 (including)
Kubernetes  Kubernetes  1.15.0-beta0 (including)    1.15.0-beta0 (including)
Kubernetes  Kubernetes  1.15.0-beta1 (including)    1.15.0-beta1 (including)
Kubernetes  Kubernetes  1.15.0-beta2 (including)    1.15.0-beta2 (including)
Kubernetes  Kubernetes  1.15.0-rc1 (including)      1.15.0-rc1 (including)

Ubuntu packages (by release; * denotes all package versions):

Name        Vendor  Release  Version
Kubernetes  Ubuntu  disco    *
Kubernetes  Ubuntu  eoan     *
Kubernetes  Ubuntu  groovy   *
Kubernetes  Ubuntu  hirsute  *
Kubernetes  Ubuntu  impish   *
Kubernetes  Ubuntu  kinetic  *
Kubernetes  Ubuntu  lunar    *
Kubernetes  Ubuntu  mantic   *
