CVE-2019-9946: Kubernetes affecting certain network configurations with CNI
Severity
Medium
Vendor
Pivotal Cloud Foundry
Description
A security issue was discovered in the interaction between Kubernetes and versions of the CNI (Container Networking Interface) portmap plugin prior to 0.7.5. The CNI portmap plugin is embedded into Kubernetes releases, so new releases of Kubernetes are required to fix this issue. The issue is rated Medium, and upgrading to Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0 is encouraged if this plugin is used in your environment.
Affected VMware Products and Versions
Severity is medium unless otherwise noted.
- Pivotal Container Service (PKS)
  - Versions 1.2.x prior to 1.2.11
  - Versions 1.3.x prior to 1.3.5
Mitigation
Users of affected versions should apply the following mitigation:
- Pivotal recommends upgrading the following releases:
  - Pivotal Container Service (PKS)
    - Upgrade 1.2.x versions to 1.2.11 or greater
    - Upgrade 1.3.x versions to 1.3.5 or greater
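A version gate built from the fixed releases listed in this advisory, as an added example (not Pivotal's or the Kubernetes project's code). The node names and version strings in the sample inventory are constructed, and release lines the advisory does not list are reported as unlisted rather than guessed.

```python
import re

# First fixed patch release per release line, as listed in the advisory.
K8S_FIXED = {(1, 11): 9, (1, 12): 7, (1, 13): 5, (1, 14): 0}
PKS_FIXED = {(1, 2): 11, (1, 3): 5}

# Optional leading "v", then major.minor.patch, then an optional pre-release tag.
_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-(?:alpha|beta|rc))?")


def classify(version, fixed):
    """Return 'fixed', 'affected' or 'unlisted' for one version string."""
    m = _VERSION.match(version.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    first_fixed = fixed.get((major, minor))
    if first_fixed is None:
        # The advisory names no fixed release for this line; do not guess.
        return "unlisted"
    if patch > first_fixed:
        return "fixed"
    # A pre-release of the fixed patch (e.g. 1.14.0-rc.1) predates it.
    if patch == first_fixed and m.group(4) is None:
        return "fixed"
    return "affected"


def audit(inventory, fixed):
    """Map each name in {name: version} to its classification."""
    return {name: classify(ver, fixed) for name, ver in inventory.items()}


# Constructed sample inventory (hypothetical node names and versions).
SAMPLE_NODES = {
    "node-a": "v1.12.6",
    "node-b": "v1.13.5",
    "node-c": "v1.14.0-rc.1",
    "node-d": "v1.10.13",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_NODES, K8S_FIXED).items():
        print(f"{name}: {status}")
```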
References
- https://www.cloudfoundry.org/blog/cve-2019-9946/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9946
History
2019-04-01: Initial vulnerability report published