CVE-2019-9946

EPSS 0.37%
Published 02.04.2019 18:30:26
Last modified 21.11.2024 04:52:38
Source cve@mitre.org
Teams watchlist Login
Open Login

Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.

Affected products Warnungen 0 Metrics 3 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Cncf ≫ Portmap SwPlatformcontainer_networking_interface Version < 0.7.5

Kubernetes ≫ Kubernetes Version < 1.11.9

Kubernetes ≫ Kubernetes Version >= 1.12.0 < 1.12.7

Kubernetes ≫ Kubernetes Version >= 1.13.0 < 1.13.5

Kubernetes ≫ Kubernetes Version1.13.6 Updatebeta0

Kubernetes ≫ Kubernetes Version1.14.0 Updatealpha0

Kubernetes ≫ Kubernetes Version1.14.0 Updatealpha1

Kubernetes ≫ Kubernetes Version1.14.0 Updatealpha2

Kubernetes ≫ Kubernetes Version1.14.0 Updatealpha3

Kubernetes ≫ Kubernetes Version1.14.0 Updatebeta0

Kubernetes ≫ Kubernetes Version1.14.0 Updatebeta1

Kubernetes ≫ Kubernetes Version1.14.0 Updatebeta2

Kubernetes ≫ Kubernetes Version1.14.0 Updaterc1

Netapp ≫ Cloud Insights Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.37%	0.578

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-670 Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

https://security.netapp.com/advisory/ntap-20190416-0002/

Patch

Third Party Advisory

https://access.redhat.com/errata/RHBA-2019:0862

https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272

Patch

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCN66VYB3XS76SYH567SO7N3I254JOCT/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGOOWAELGH3F7OXRBPH3HCNZELNLXYTW/

https://nvd.nist.gov/vuln/detail/CVE-2019-9946

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-9946

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-9946

EUVD