CVE-2019-6648 - OpenCVE

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
F5	Container Ingress Service
Redhat	Openshift

Configuration 1 [-]

cpe:2.3:a:f5:container_ingress_service:1.9.0:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://support.f5.com/csp/article/K74327432
https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp%3Butm_medium=RSS

History

No history.

MITRE

Status: PUBLISHED

Assigner: f5

Published: 2019-09-04T15:49:06

Updated: 2024-08-04T20:23:22.425Z

Reserved: 2019-01-22T00:00:00

Link: CVE-2019-6648

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-04T16:15:11.060

Modified: 2023-11-07T03:13:13.693

Link: CVE-2019-6648

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "F5 Container Ingress Service", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.9.0"}]}], "descriptions": [{"lang": "en", "value": "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-10-09T19:07:38", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.f5.com/csp/article/K74327432"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp%3Butm_medium=RSS"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "ID": "CVE-2019-6648", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "F5 Container Ingress Service", "version": {"version_data": [{"version_value": "1.9.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K74327432", "refsource": "MISC", "url": "https://support.f5.com/csp/article/K74327432"}, {"name": "https://support.f5.com/csp/article/K74327432?utm_source=f5support&utm_medium=RSS", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K74327432?utm_source=f5support&utm_medium=RSS"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:23:22.425Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.f5.com/csp/article/K74327432"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp%3Butm_medium=RSS"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2019-6648", "datePublished": "2019-09-04T15:49:06", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:23:22.425Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:container_ingress_service:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B7C34CCD-152B-4D8B-A89C-A6607A61A7CF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*", "matchCriteriaId": "F08E234C-BDCF-4B41-87B9-96BD5578CBBF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration."}, {"lang": "es", "value": "En la versi\u00f3n 1.9.0, si el registro DEBUG est\u00e1 habilitado, F5 Container Ingress Service (CIS) para archivos de registro de Kubernetes y Red Hat OpenShift (k8s-bigip-ctlr) pueden contener secretos de BIG-IP, tales como Claves Privadas de SSL y Frases de Contrase\u00f1a de la Clave Privada proporcionadas como entradas para una Declaraci\u00f3n AS3."}], "id": "CVE-2019-6648", "lastModified": "2023-11-07T03:13:13.693", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.9, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-04T16:15:11.060", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K74327432"}, {"source": "f5sirt@f5.com", "url": "https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp%3Butm_medium=RSS"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}