CVE-2019-12494

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-12494

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12494.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-12494

Published

2019-06-05T19:29:00.233Z

Modified

2025-11-20T10:56:02.223553Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked.

References

Affected packages

Git / github.com/gardener/gardener

Affected ranges

Type: GIT
Repo: https://github.com/gardener/gardener
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

93b715ee5b3e6eca8c2b46a7431b4cb3bbc75980

Affected versions

0.*

0.1.0

0.10.0

0.11.0

0.12.0

0.13.0

0.14.0

0.15.0

0.16.0

0.17.0

0.18.0

0.19.0

0.2.0

0.3.0

0.4.0

0.5.0

0.6.0

0.7.0

0.8.0

0.9.0