Platform: kubernetes
Component: kubernetes
Fixed in: N/A
CVE-2019-11244 describes an information disclosure vulnerability affecting Kubernetes versions 1.8.0 through 1.14.x. This issue arises from kubectl caching schema information in a world-writeable location, potentially allowing unauthorized users to modify cached files and disrupt kubectl operations. The vulnerability is rated as LOW severity and can be resolved by upgrading to version 1.14* or later.
The primary impact of CVE-2019-11244 is the potential for information disclosure and disruption of kubectl functionality. An attacker with access to the same system as the Kubernetes cluster could exploit this vulnerability by modifying the cached schema files. This could lead to kubectl behaving unexpectedly, potentially preventing users from interacting with the cluster correctly. While the direct data exposure is limited to schema information, the disruption caused by manipulating kubectl could be significant, especially in environments heavily reliant on automated deployments and cluster management.
CVE-2019-11244 was publicly disclosed on April 22, 2019. There is no indication of active exploitation or inclusion in the CISA KEV catalog. Public proof-of-concept exploits are not widely available, suggesting a relatively low probability of exploitation in the wild. The vulnerability's impact is primarily related to operational disruption rather than direct data compromise.
EPSS: 0.10% (27th percentile)
The recommended mitigation for CVE-2019-11244 is to upgrade Kubernetes to version 1.14* or later, which addresses the vulnerability. If an immediate upgrade is not feasible, consider restricting access to the --cache-dir location. Ensure that only authorized users and processes have write access to this directory. Furthermore, monitor the directory for unexpected modifications. After upgrading, confirm kubectl is functioning as expected by running a basic kubectl get pods command and verifying the output.
Update Kubernetes to a version later than 1.14.x. As a temporary measure, ensure that the kubectl cache directory (--cache-dir) is not accessible by other users/groups, or leave --cache-dir unspecified so that kubectl uses the default location in the user's home directory.
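The temporary measure above, as an added shell example (not from this page or the Kubernetes advisory): it lists cache entries that group or other can write to, flags entries owned by another user, and strips group/other access. The function names and the default path $HOME/.kube/http-cache are assumptions; pass whatever directory you give to --cache-dir.

```shell
#!/usr/bin/env bash
# Added example (not from the advisory): audit and tighten a kubectl cache dir.
# Assumption: the default cache path is $HOME/.kube/http-cache; pass the
# directory you give to --cache-dir if you override it.

# Print every file or directory under "$1" that group or other can write to.
find_loose_cache_entries() {
    [ -d "$1" ] || return 0
    find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) -print
}

# Print entries under "$1" not owned by the current user (possible tampering).
find_foreign_cache_entries() {
    [ -d "$1" ] || return 0
    find "$1" ! -user "$(id -u)" -print
}

# Remove all group/other access from regular files and directories only;
# symlinks are skipped so a planted link cannot redirect the chmod.
harden_cache_dir() {
    [ -d "$1" ] || return 0
    find "$1" \( -type f -o -type d \) -exec chmod go-rwx {} +
}

# Report findings; exit status 1 means something needs attention.
audit_kubectl_cache() {
    dir=${1:-$HOME/.kube/http-cache}
    loose=$(find_loose_cache_entries "$dir")
    foreign=$(find_foreign_cache_entries "$dir")
    [ -z "$loose" ] || printf 'writable by group/other:\n%s\n' "$loose"
    [ -z "$foreign" ] || printf 'not owned by you:\n%s\n' "$foreign"
    [ -z "$loose" ] && [ -z "$foreign" ]
}

# Run only when called with a directory argument,
# e.g. ./audit.sh ~/.kube/http-cache
if [ "$#" -gt 0 ]; then
    audit_kubectl_cache "$1"
fi
```

Tightening permissions does not restore trust in files that were already writable by others; entries reported by the audit should be treated as potentially modified.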
CVE-2019-11244 is a LOW severity vulnerability in Kubernetes affecting versions 1.8.0 through 1.14*. It allows potential modification of cached schema files, disrupting kubectl operations.
You are affected if your Kubernetes cluster is running versions 1.8.0 through 1.14.x and kubectl is configured to use a world-writeable cache directory.
Upgrade your Kubernetes cluster to version 1.14* or later. If an immediate upgrade is not possible, restrict access to the --cache-dir directory.
There is no public evidence of active exploitation of CVE-2019-11244 at this time.
Refer to the Kubernetes security advisory at https://kubernetes.io/blog/2019/04/22/security-announcement-CVE-2019-11244/