PT-2018-17037 · F5 · F5 Big-Ip Controller For Kubernetes

Published: 2018-07-31 · Updated: 2019-10-03 · CVE-2018-5543

CVE-2018-5543

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP Controller for Kubernetes versions 1.0.0 through 1.5.0

Description: The issue concerns the disclosure of BIG-IP username and password. The F5 BIG-IP Controller for Kubernetes passes these credentials as command line parameters, which may lead to their disclosure.

Recommendations: For versions 1.0.0 through 1.5.0, consider modifying the container to avoid passing the BIG-IP username and password as command line parameters to prevent credential disclosure. As a temporary workaround, restrict access to the container's command line parameters to minimize the risk of exploitation.
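
To check deployments for the exposure described above, the following added example (not code from F5 or from this advisory) audits container specs for credentials that end up in the process command line, including the case where a Secret-backed environment variable is referenced as `$(NAME)` in `args`, which Kubernetes expands into argv. The sample specs, names and addresses are constructed, the keyword list beyond the controller's `--bigip-username` and `--bigip-password` options is an assumption, and the third container is a hypothetical layout that reads credentials from a mounted Secret.

```python
import re

# --bigip-username / --bigip-password are the controller's credential flags;
# the wider keyword list is an assumption made for this example.
SECRET_FLAG = re.compile(r"^--?[\w-]*(user(name)?|pass(word|wd)?|token|secret)[\w-]*$", re.I)
# Kubernetes replaces $(NAME) in command/args with the env value; $$(NAME) is an escape.
ENV_REF = re.compile(r"(?<!\$)\$\(([A-Za-z_]\w*)\)")

def audit_container(c):
    """Return sorted (container, flag, reason) findings for one container spec dict."""
    secret_env = {e["name"] for e in c.get("env", [])
                  if "secretKeyRef" in e.get("valueFrom", {})}
    argv = c.get("command", []) + c.get("args", [])
    findings = set()
    for i, arg in enumerate(argv):
        flag, sep, value = arg.partition("=")
        if not flag.startswith("-"):
            continue
        if not sep and i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            value = argv[i + 1]  # "--flag value" form
        if any(ref in secret_env for ref in ENV_REF.findall(value)):
            # The Secret is referenced correctly, but its value still lands in argv.
            findings.add((c["name"], flag, "secret-expanded-into-argv"))
        elif SECRET_FLAG.match(flag) and value:
            findings.add((c["name"], flag, "credential-value-in-argv"))
    return sorted(findings)

def audit(containers):
    return [f for c in containers for f in audit_container(c)]

# Constructed sample input (dict form of pod-spec containers), not taken from the advisory.
SAMPLE_CONTAINERS = [
    {"name": "ctlr-literal",
     "args": ["--bigip-url=192.0.2.10", "--bigip-username=admin",
              "--bigip-password=example-only"]},
    {"name": "ctlr-env-expanded",
     "env": [{"name": "BIGIP_PASSWORD",
              "valueFrom": {"secretKeyRef": {"name": "bigip-login", "key": "password"}}}],
     "args": ["--bigip-url=192.0.2.10", "--bigip-password=$(BIGIP_PASSWORD)"]},
    {"name": "ctlr-no-cli-creds",  # hypothetical: credentials read from a mounted Secret
     "args": ["--bigip-url=192.0.2.10"],
     "volumeMounts": [{"name": "bigip-creds", "mountPath": "/tmp/creds", "readOnly": True}]},
]

if __name__ == "__main__":
    for name, flag, reason in audit(SAMPLE_CONTAINERS):
        print(f"{name}: {flag}: {reason}")
```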

Fix

Insufficiently Protected Credentials


Weakness Enumeration

Related identifiers

CVE-2018-5543

Affected products

F5 Big-Ip Controller For Kubernetes