CVE-2019-11248 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-11248 Interim 1 37 2025-02-17T02:07:10Z current 2021-05-30T14:27:32Z 2025-02-17T02:07:10Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-11248 The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.0 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server Business Critical Linux 15 SP1 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 kubernetes kubernetes-client kubernetes-common kubernetes-kubeadm kubernetes-kubelet kubernetes-client as a component of SUSE CaaS Platform 4.0 kubernetes-common as a component of SUSE CaaS Platform 4.0 kubernetes-kubeadm as a component of SUSE CaaS Platform 4.0 kubernetes-kubelet as a component of SUSE CaaS Platform 4.0 kubernetes as a component of SUSE CaaS Platform 4.0 kubernetes-client as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS kubernetes-common as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS kubernetes as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS kubernetes-client as a component of SUSE Linux Enterprise Module for Public Cloud 12 kubernetes as a component of SUSE Linux Enterprise Module for Public Cloud 12 kubernetes as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP1 The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration. CVE-2019-11248 SUSE CaaS Platform 4.0:kubernetes SUSE CaaS Platform 4.0:kubernetes-client SUSE CaaS Platform 4.0:kubernetes-common SUSE CaaS Platform 4.0:kubernetes-kubeadm SUSE CaaS Platform 4.0:kubernetes-kubelet SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:kubernetes SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:kubernetes-client SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:kubernetes-common SUSE Linux Enterprise Module for Public Cloud 12:kubernetes SUSE Linux Enterprise Module for Public Cloud 12:kubernetes-client SUSE Linux Enterprise Server Business Critical Linux 15 SP1:kubernetes moderate 6.4 AV:N/AC:L/Au:N/C:P/I:N/A:P 5.4 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L