All Vulnerability Reports

CVE-2019-9946: Kubernetes affecting certain network configurations with CNI




Pivotal Cloud Foundry


A security issue was discovered with interactions between the CNI (Container Networking Interface) portmap plugin versions prior to 0.7.5 and Kubernetes. The CNI portmap plugin is embedded into Kubernetes releases so new releases of Kubernetes are required to fix this issue. The issue is Medium and upgrading to Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0 is encouraged to fix this issue if this plugin is used in your environment.

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

  • Pivotal Container Service (PKS)
    • versions 1.2.x prior to 1.2.11
    • Versions 1.3.x prior to 1.3.5


Users of affected versions should apply the following mitigation:

  • Pivotal recommends upgrading the following releases:
    • Pivotal Container Service (PKS)
      • Upgrade 1.2.x versions to 1.2.11 or greater
      • Upgrade 1.3.x versions to 1.3.5 or greater



2019-04-01: Initial vulnerability report published