CVE-2019-9946

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-9946

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9946.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-9946

Related

Published

2019-04-02T18:30:26Z

Modified

2024-09-18T03:05:49.246100Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.

References

Affected packages

Debian:11 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/containernetworking/plugins

Affected ranges

Type: GIT
Repo: https://github.com/containernetworking/plugins
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a62711a5da7a2dc2eb93eac47e103738ad923fd6

Type: GIT
Repo: https://github.com/kubernetes/kubelet
Events: Introduced

b2c7df37e34be8581976ae5b6289401530620ff9

Fixed

90bb74a031b8e57d819e417e2b33833058008b00

Affected versions

v0.*

v0.1.0

v0.2.0-rc0

v0.3.0

v0.3.0-rc0

v0.3.0-rc1

v0.3.0-rc2

v0.3.0-rc3

v0.6.0

v0.6.0-rc1

v0.6.0-rc2

v0.7.0

v0.7.0-rc1

v0.7.0-rc2

v0.7.1

v0.7.2

v0.7.3

v0.7.4