PT-2019-16737 · Kubernetes · Kube-Rbac-Proxy

Published

2019-02-05

Updated

2021-05-21

CVE-2019-3818

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions kube-rbac-proxy versions prior to 0.4.1

Description The issue allows for the use of insecure ciphers and TLS 1.0, as the kube-rbac-proxy container does not honor TLS configurations. This could enable an attacker to target traffic sent over a TLS connection with a weak configuration and potentially break the encryption.

Recommendations For versions prior to 0.4.1, update to version 0.4.1 or later to resolve the issue. As a temporary workaround, consider disabling the use of insecure ciphers and TLS 1.0 in the TLS configuration until a patch is available. Restrict access to the kube-rbac-proxy container to minimize the risk of exploitation.

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

CVE-2019-3818

Affected Products

Kube-Rbac-Proxy

PT-2019-16737 · Kubernetes · Kube-Rbac-Proxy

CVE-2019-3818

Weakness Enumeration

Related Identifiers

Affected Products

References · 7