HTTP Proxy Vulnerability in IBM Cloud Private Kubernetes API Server
CVE-2019-4119

3.1LOW

Key Information:

Vendor: IBM
Status: Cloud Private
Vendor: CVE Published:; 17 May 2019

Summary

The IBM Cloud Private Kubernetes API Server versions 2.1.0 and 3.1.0 to 3.1.2 are susceptible to a vulnerability that allows them to be exploited as an HTTP proxy. This flaw can facilitate unauthorized access to both internal and external target IP addresses, potentially exposing sensitive network resources to malicious actors. It is crucial for users of these affected versions to implement immediate corrective measures to safeguard their infrastructure.

Affected Version(s)

Cloud Private 2.1.0

Cloud Private 3.1.0

Cloud Private 3.1.1

References

http://www.ibm.com/support/docview.wss?uid=ibm10878460

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/158145

vdb-entryx_refsource_XF

CVSS V3.1

Score:

3.1

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 17, 2019
Vulnerability Reserved
Jan 3, 2019