PT-2020-9170 · Unknown+1 · Kubernetes+1

Published

2020-04-03

Updated

2020-07-28

CVE-2019-11252

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Kubernetes kube-controller-manager versions v1.0 through v1.17

Description The issue concerns a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.

Recommendations For Kubernetes kube-controller-manager versions v1.0 through v1.17, update to a version that contains a fix for this issue to prevent credential leakage.

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

ALT-PU-2020-1662

ALT-PU-2020-2338

CVE-2019-11252

RHSA-2020:2413

Affected Products

Alt Linux

Kubernetes

PT-2020-9170 · Unknown+1 · Kubernetes+1

CVE-2019-11252

Weakness Enumeration

Related Identifiers

Affected Products

References · 6