How severe is CVE-2019-11248?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2019-11248?

This is classified as CWE-419, which is a common weakness in software security.

CVE-2019-11248

MEDIUM Year: 2019

CVSS v3 Score

6.5

Medium

CVSS v2 Score

6.4

Medium

Weakness Type

CWE-419

View all →

Vulnerability Description

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.

CVE-2025-24030

HIGH

CVSS:7.1(High)

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes cluster can use a path traversal attack t...

CWE-4192025

CVE-2022-33932

MEDIUM

CVSS:5.3(Medium)

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker ...

CWE-4192022

CVE-2018-12539

HIGH

CVSS:7.8(High)

In Eclipse OpenJ9 version 0.8, users other than the process owner may be able to use Java Attach API to connect to an Eclipse OpenJ9 or IBM JVM on the same machine and use Attach API operations, which...

CWE-4192018

CVE-2018-12120

HIGH

CVSS:8.1(High)

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all ...

CWE-4192018

CVE-2023-30859

CRITICAL

CVSS:9.8(Critical)

Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you en...

CWE-4192023

CVE-2024-50588

CRITICAL

CVSS:9.8(Critical)

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. The data in the databas...

CWE-4192024

CVE-2019-11248

Vulnerability Description

Related Vulnerabilities

CVE-2025-24030

CVE-2022-33932

CVE-2018-12539

CVE-2018-12120

CVE-2023-30859

CVE-2024-50588