PT-2019-16737 · Kubernetes · Kube-Rbac-Proxy
Publicado
2019-02-05
·
Atualizado
2021-05-21
·
CVE-2019-3818
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
kube-rbac-proxy versions prior to 0.4.1
Description
The issue allows for the use of insecure ciphers and TLS 1.0, as the kube-rbac-proxy container does not honor TLS configurations. This could enable an attacker to target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.
Recommendations
For versions prior to 0.4.1, update to version 0.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of insecure ciphers and TLS 1.0 in the TLS configuration until a patch is available. Restrict access to the kube-rbac-proxy container to minimize the risk of exploitation.
Correção
Use of a Broken Cryptographic Algorithm
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Kube-Rbac-Proxy