Kube-rbac-proxy CVE-2019-3818 Information Disclosure Vulnerability
BID:106744
CVE-2019-3818 |Info
Kube-rbac-proxy CVE-2019-3818 Information Disclosure Vulnerability
| Bugtraq ID: | 106744 |
| Class: | Configuration Error |
| CVE: |
CVE-2019-3818 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 25 2019 12:00AM |
| Updated: | Jan 25 2019 12:00AM |
| Credit: | Frederic Branczyk (Red Hat), Matthias Loibl (Red Hat), Max Inden (Red Hat). |
| Vulnerable: |
Redhat OpenShift Container Platform 3.11 Brancz kube-rbac-proxy 0.4 Brancz kube-rbac-proxy 0.3.1 Brancz kube-rbac-proxy 0.3 Brancz kube-rbac-proxy 0.2 Brancz kube-rbac-proxy 0.1 |
| Not Vulnerable: |
Brancz kube-rbac-proxy 0.4.1 |
Discussion
Kube-rbac-proxy CVE-2019-3818 Information Disclosure Vulnerability
Kube-rbac-proxy is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks, to obtain potentially sensitive information or impersonate trusted servers, which will aid in further attacks.
Versions prior to Kube-rbac-proxy 0.4.1 are vulnerable.
Kube-rbac-proxy is prone to an information-disclosure vulnerability.
An attacker can exploit this issue to perform man-in-the-middle attacks, to obtain potentially sensitive information or impersonate trusted servers, which will aid in further attacks.
Versions prior to Kube-rbac-proxy 0.4.1 are vulnerable.
Solution / Fix
Kube-rbac-proxy CVE-2019-3818 Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Kube-rbac-proxy CVE-2019-3818 Information Disclosure Vulnerability
References:
References:
- Bug 1668961 (CVE-2019-3818) - CVE-2019-3818 kube-rbac-proxy: Improper applicatio (Red Hat Bugzilla)
- Check errors and log them (Brancz)
- CVE-2019-3818 (Red Hat Bugzilla)
- Kube-rbac-proxy Product Page (Kube-rbac-proxy)