CVE-2019-11252

MEDIUM

Kubernetes 1.0.0-1.16.0 - Credential Leakage via AzureFile and CephFS Mount Failure Logs

Title source: llm

Description

The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.

References (1)

Core 1

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/kubernetes/kubernetes/pull/88684

Scores

CVSS v3 5.9

EPSS 0.0114

EPSS Percentile 62.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N

Details

CWE

CWE-209

Status published

Products (1)

kubernetes/kubernetes 1.0.0 - 1.17.0

Published Jul 23, 2020

Tracked Since Feb 18, 2026