Description
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Kubernetes | Kubernetes | affected |
|
Configuration 1 [-]
|
No data.
No data available yet.
Remediation
Vendor Workaround
update node configurations to set the "healthzBindAddress" to "127.0.0.1" to prevent access by remote callers.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: kubernetes
Published:
Updated: 2024-09-17T03:28:37.165Z
Reserved: 2019-04-17T00:00:00.000Z
Link: CVE-2019-11248
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-08-29T01:15:11.367
Modified: 2024-11-21T04:20:48.100
Link: CVE-2019-11248
Redhat
OpenCVE Enrichment
No data.