Vulnerability in Kubernetes

CVE-2019-11248

The Go pprof debugging endpoint /debug/pprof is exposed over the Kubelet's unauthenticated healthz port. This debugging endpoint can potentially leak sensitive information such as inte…

EPSS: 0.912 (99.7th percentile)

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L.

Affected products

  • Kubernetes — versions prior to 1.12.10, prior to 1.13.8, prior to 1.14.4

Frequently asked questions

What is CVE-2019-11248?
CVE-2019-11248 is a medium-severity vulnerability in Kubernetes, classified under Unprotected Primary Channel. CVSS score: 6.5/10. Published 2019-08-29.

How severe is CVE-2019-11248?
Medium severity. CVSS v3 base score is 6.5 out of 10.

Is CVE-2019-11248 known to be exploited?
24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.