PT-2019-18230 · F5+1 · As3+3

Published: 2019-09-04 · Updated: 2023-02-03 · CVE-2019-6648

CVSS v3.1: 4.4 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) version 1.9.0

Description

The issue concerns the logging of sensitive information. When DEBUG logging is enabled on the affected version, log files may contain BIG-IP secrets, including SSL private keys and private key passphrases, which are provided as inputs by an AS3 declaration.

Recommendations

For version 1.9.0, consider disabling DEBUG logging to prevent the exposure of sensitive information in log files. As a temporary workaround, restrict access to log files to minimize the risk of secrets being accessed by unauthorized parties.
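To check whether log files written while DEBUG logging was on already hold this material, the following added example (not part of the original advisory and not F5 code) flags and redacts PEM private-key blocks and `passphrase` members in log text. The log layout and sample values are constructed, and the `privateKey` and `passphrase` field names are assumed from the AS3 Certificate class.

```python
import re

# PEM private-key block (plain, RSA, EC, encrypted PKCS#8). DOTALL lets the
# body span real newlines; "\n" escapes inside a logged JSON string also match.
PEM_KEY = re.compile(
    r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----.*?"
    r"-----END (?:[A-Z]+ )*PRIVATE KEY-----",
    re.DOTALL,
)
# JSON "passphrase" member, either an object or a plain string; values that
# are already the redaction marker are skipped.
PASSPHRASE = re.compile(
    r'("passphrase"\s*:\s*)(?!"\[REDACTED\]")(\{[^{}]*\}|"(?:[^"\\]|\\.)*")'
)

def find_secrets(text):
    """Return sorted (line_number, kind) pairs for each secret found."""
    hits = []
    for kind, rx in (("private-key", PEM_KEY), ("passphrase", PASSPHRASE)):
        for m in rx.finditer(text):
            hits.append((text.count("\n", 0, m.start()) + 1, kind))
    return sorted(hits)

def redact(text):
    """Replace key blocks and passphrase values, keeping the line structure
    when the key is logged on one line."""
    text = PEM_KEY.sub("[REDACTED PRIVATE KEY]", text)
    return PASSPHRASE.sub(r'\1"[REDACTED]"', text)

# Constructed sample, not real controller output (layout is an assumption).
SAMPLE_LOG = (
    '2019/09/04 10:00:01 [INFO] posting AS3 declaration\n'
    '2019/09/04 10:00:01 [DEBUG] declaration: {"class":"Certificate",'
    '"certificate":"-----BEGIN CERTIFICATE-----\\nCONSTRUCTEDCERT\\n'
    '-----END CERTIFICATE-----",'
    '"privateKey":"-----BEGIN RSA PRIVATE KEY-----\\nCONSTRUCTEDKEY\\n'
    '-----END RSA PRIVATE KEY-----",'
    '"passphrase":{"ciphertext":"Y29uc3RydWN0ZWQ=","protected":"e30"}}\n'
    '2019/09/04 10:00:02 [INFO] declaration accepted\n'
)

if __name__ == "__main__":
    for line_no, kind in find_secrets(SAMPLE_LOG):
        print(f"line {line_no}: {kind}")
    print(redact(SAMPLE_LOG))
```

Any key or passphrase this finds in a real log should be treated as exposed and rotated; redacting the file does not undo earlier reads of it.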

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2019-6648

Affected Products

AS3
BIG-IP
F5 Container Ingress Service
Red Hat OpenShift