CVE-2019-9946

HIGH Year: 2019
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-670
View all →

Vulnerability Description

Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.

Related Vulnerabilities

CVE-2014-2686

HIGH
CVSS:7.5(High)

Ansible prior to 1.5.4 mishandles the evaluation of some strings.

CWE-6702014

CVE-2019-11412

HIGH
CVSS:7.5(High)

An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.

CWE-6702019

CVE-2019-19324

HIGH
CVSS:7.5(High)

Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms to alg=none, which sometimes leads to untrusted accidental JWT acceptance.

CWE-6702019

CVE-2019-19729

HIGH
CVSS:7.5(High)

An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the us...

CWE-6702019

CVE-2020-36277

HIGH
CVSS:7.5(High)

Leptonica before 1.80.0 allows a denial of service (application crash) via an incorrect left shift in pixConvert2To8 in pixconv.c.

CWE-6702020

CVE-2020-9425

HIGH
CVSS:7.5(High)

An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the applicatio...

CWE-6702020