PT-2019-12210 · Kubernetes+1 · Kubernetes+1

Jordan Zebor +1 · Published 2019-04-22 · Updated 2022-02-15 · CVE-2019-11244

CVSS v3.1: 5.0 (Medium)

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Kubernetes versions 1.8.x through 1.14.x

Description

The issue concerns the caching of schema information by kubectl, which is written with world-writeable permissions. If the cache directory is specified and located in a place accessible to other users or groups, the cached files can be modified, potentially disrupting kubectl operations. The cache directory defaults to $HOME/.kube/http-cache, but can be changed using the --cache-dir option.

Recommendations

For Kubernetes versions 1.8.x through 1.14.x, consider restricting access to the cache directory to prevent modifications by other users or groups. As a temporary workaround, avoid using a cache directory that is accessible to other users or groups.
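
One way to apply the recommendation above, as an added example that is not part of the original advisory or of Kubernetes itself: a POSIX shell audit that lists cache entries writable by group or others and then removes that write access. The function names audit_cache_dir and harden_cache_dir are hypothetical; the default path is the one the description gives, and any directory passed to --cache-dir can be supplied as the argument instead.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a kubectl cache directory.
# audit_cache_dir / harden_cache_dir are hypothetical helper names.

# Default location named in the advisory; pass another path if --cache-dir is used.
CACHE_DIR_DEFAULT="${HOME:-}/.kube/http-cache"

# Print every file or directory under $1 (including $1 itself) that is
# group-writable or world-writable. Symlinks are skipped because their own
# mode bits are not meaningful.
# Exit status: 0 = no findings, 1 = findings printed, 2 = directory missing.
audit_cache_dir() {
    dir="${1:-$CACHE_DIR_DEFAULT}"
    [ -d "$dir" ] || { echo "no cache directory at $dir" >&2; return 2; }
    findings=$(find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Remove group and other write access from the entries the audit would report.
# Owner permissions and read/execute bits are left untouched.
harden_cache_dir() {
    dir="${1:-$CACHE_DIR_DEFAULT}"
    [ -d "$dir" ] || return 2
    find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +
}
```

Clearing the write bits does not help if a parent directory is itself writable by other users, which is why the workaround of keeping the cache out of shared locations still applies.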

Exploit

Fix

Incorrect Permission


Weakness Enumeration

Related Identifiers

ALT-PU-2019-2453
ALT-PU-2019-2454
CVE-2019-11244
GHSA-2575-PGHM-6QQX
RHSA-2019:3942
RHSA-2020:0020

Affected Products

Alt Linux
Kubernetes