All Vulnerability Reports

CVE-2019-9946: Kubernetes affecting certain network configurations with CNI


Severity

Medium

Vendor

Pivotal Cloud Foundry

Description

A security issue was discovered with interactions between the CNI (Container Networking Interface) portmap plugin versions prior to 0.7.5 and Kubernetes. The CNI portmap plugin is embedded into Kubernetes releases so new releases of Kubernetes are required to fix this issue. The issue is Medium and upgrading to Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0 is encouraged to fix this issue if this plugin is used in your environment.

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Container Service (PKS)
    • versions 1.2.x prior to 1.2.11
    • Versions 1.3.x prior to 1.3.5

Mitigation

Users of affected versions should apply the following mitigation:

  • Pivotal recommends upgrading the following releases:
    • Pivotal Container Service (PKS)
      • Upgrade 1.2.x versions to 1.2.11 or greater
      • Upgrade 1.3.x versions to 1.3.5 or greater

References

History

2019-04-01: Initial vulnerability report published