CVE-2019-4119

3.1LOW

Key Information:

Vendor
IBM
Status
Cloud Private
Vendor
CVE Published:
17 May 2019

Summary

IBM Cloud Private Kubernetes API server 2.1.0, 3.1.0, 3.1.1, and 3.1.2 can be used as an HTTP proxy to not only cluster internal but also external target IP addresses. IBM X-Force ID: 158145.

Affected Version(s)

Cloud Private 2.1.0

Cloud Private 3.1.0

Cloud Private 3.1.1

References

http://www.ibm.com/support/docview.wss?uid=ibm10878460
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/158145
vdb-entryx_refsource_XF

CVSS V3.1

Score:
3.1
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.