cvelistv5 - cve-2019-6648

CVE-2019-6648 (GCVE-0-2019-6648)

Vulnerability from cvelistv5

Published

2019-09-04 15:49

Modified

2024-08-04 20:23

Severity ?

CWE

Information Disclosure

Summary

References

URL

	Vendor	Product	Version
	n/a	F5 Container Ingress Service	Version: 1.9.0

fkie_cve-2019-6648

Vulnerability from fkie_nvd

Published

2019-09-04 16:15

Modified

2024-11-21 04:46

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
f5sirt@f5.com	https://support.f5.com/csp/article/K74327432	Vendor Advisory
f5sirt@f5.com	https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp%3Butm_medium=RSS
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K74327432	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.f5.com/csp/article/K74327432?utm_source=f5support&amp%3Butm_medium=RSS

Impacted products

	Vendor	Product	Version
	f5	container_ingress_service	1.9.0
	redhat	openshift	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:container_ingress_service:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7C34CCD-152B-4D8B-A89C-A6607A61A7CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration."
    },
    {
      "lang": "es",
      "value": "En la versi\u00f3n 1.9.0, si el registro DEBUG est\u00e1 habilitado, F5 Container Ingress Service (CIS) para archivos de registro de Kubernetes y Red Hat OpenShift (k8s-bigip-ctlr) pueden contener secretos de BIG-IP, tales como Claves Privadas de SSL y Frases de Contrase\u00f1a de la Clave Privada proporcionadas como entradas para una Declaraci\u00f3n AS3."
    }
  ],
  "id": "CVE-2019-6648",
  "lastModified": "2024-11-21T04:46:52.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-09-04T16:15:11.060",
  "references": [
    {
      "source": "f5sirt@f5.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K74327432"
    },
    {
      "source": "f5sirt@f5.com",
      "url": "https://support.f5.com/csp/article/K74327432?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K74327432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.f5.com/csp/article/K74327432?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    }
  ],
  "sourceIdentifier": "f5sirt@f5.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. F5 Container Ingress Services is a product of the US company F5 that provides application services for container deployment. This product mainly provides functions such as Ingress control HTTP routing, load balancing and application delivery. An attacker could exploit this vulnerability to retrieve this information

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201909-0069",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "container ingress service",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "f5",
        "version": "1.9.0"
      },
      {
        "model": "openshift",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "container ingress services",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "f5",
        "version": "1.9.0"
      },
      {
        "model": "openshift",
        "scope": null,
        "trust": 0.8,
        "vendor": "red hat",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6648"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:f5:container_ingress_service",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:redhat:openshift",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      }
    ]
  },
  "cve": "CVE-2019-6648",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "CVE-2019-6648",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.9,
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.4,
            "id": "VHN-158083",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.8,
            "id": "CVE-2019-6648",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2019-6648",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-6648",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2019-6648",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201908-668",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-158083",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-6648",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158083"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-668"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6648"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. F5 Container Ingress Services is a product of the US company F5 that provides application services for container deployment. This product mainly provides functions such as Ingress control HTTP routing, load balancing and application delivery. An attacker could exploit this vulnerability to retrieve this information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-6648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      },
      {
        "db": "VULHUB",
        "id": "VHN-158083"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6648"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-6648",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008869",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-668",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.3055",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-158083",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6648",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158083"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-668"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6648"
      }
    ]
  },
  "id": "VAR-201909-0069",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158083"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:33:46.642000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Red Hat OpenShift",
        "trust": 0.8,
        "url": "https://www.redhat.com/ja/technologies/cloud-computing/openshift"
      },
      {
        "title": "K74327432",
        "trust": 0.8,
        "url": "https://support.f5.com/csp/article/K74327432"
      },
      {
        "title": "F5 Container Ingress Services Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96365"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/Live-Hack-CVE/CVE-2019-6648 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-6648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-668"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-532",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158083"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6648"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://support.f5.com/csp/article/k74327432"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6648"
      },
      {
        "trust": 1.0,
        "url": "https://support.f5.com/csp/article/k74327432?utm_source=f5support\u0026amp%3butm_medium=rss"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6648"
      },
      {
        "trust": 0.7,
        "url": "https://support.f5.com/csp/article/k74327432?utm_source=f5support\u0026utm_medium=rss"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2019.3055/"
      },
      {
        "trust": 0.1,
        "url": "https://support.f5.com/csp/article/k74327432?utm_source=f5support\u0026amp;amp;utm_medium=rss"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/532.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/live-hack-cve/cve-2019-6648"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-158083"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-668"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6648"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-158083"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-6648"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-668"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-6648"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-09-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158083"
      },
      {
        "date": "2019-09-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6648"
      },
      {
        "date": "2019-09-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      },
      {
        "date": "2019-08-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-668"
      },
      {
        "date": "2019-09-04T16:15:11.060000",
        "db": "NVD",
        "id": "CVE-2019-6648"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-02-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-158083"
      },
      {
        "date": "2023-02-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-6648"
      },
      {
        "date": "2019-09-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201908-668"
      },
      {
        "date": "2024-11-21T04:46:52.770000",
        "db": "NVD",
        "id": "CVE-2019-6648"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-668"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "F5 Container Ingress Service and  Red Hat OpenShift Vulnerable to information disclosure from log files",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2019-008869"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "log information leak",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201908-668"
      }
    ],
    "trust": 0.6
  }
}

gsd-2019-6648

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-6648

Aliases

CVE-2019-6648

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-6648",
    "description": "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.",
    "id": "GSD-2019-6648"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-6648"
      ],
      "details": "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.",
      "id": "GSD-2019-6648",
      "modified": "2023-12-13T01:23:49.325165Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "f5sirt@f5.com",
        "ID": "CVE-2019-6648",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "F5 Container Ingress Service",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "1.9.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.f5.com/csp/article/K74327432",
            "refsource": "MISC",
            "url": "https://support.f5.com/csp/article/K74327432"
          },
          {
            "name": "https://support.f5.com/csp/article/K74327432?utm_source=f5support\u0026amp;utm_medium=RSS",
            "refsource": "CONFIRM",
            "url": "https://support.f5.com/csp/article/K74327432?utm_source=f5support\u0026amp;utm_medium=RSS"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:f5:container_ingress_service:1.9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "f5sirt@f5.com",
          "ID": "CVE-2019-6648"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-532"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.f5.com/csp/article/K74327432",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K74327432"
            },
            {
              "name": "https://support.f5.com/csp/article/K74327432?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.f5.com/csp/article/K74327432?utm_source=f5support\u0026amp;utm_medium=RSS"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 1.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 0.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-03T18:40Z",
      "publishedDate": "2019-09-04T16:15Z"
    }
  }
}

cnvd-2019-44761

Vulnerability from cnvd

Title

F5 Container Ingress Services日志信息泄露漏洞

Description

F5 Container Ingress Services是美国F5公司的一款为容器部署提供应用程序服务的产品。该产品主要提供Ingress控制HTTP路由、负载平衡和应用程序交付等功能。 F5 Container Ingress Services（用于Kubernetes和Red Hat OpenShift）k8s-bigip-ctlr:1.9.0版本中存在信息泄露漏洞，攻击者可利用该漏洞获取CIS服务的日志文件。

Severity

低

Patch Name

F5 Container Ingress Services日志信息泄露漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.f5.com/csp/article/K74327432

Reference

https://www.auscert.org.au/bulletins/ESB-2019.3055/

Impacted products

Name
F5 Container Ingress Services 1.9.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-6648",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6648"
    }
  },
  "description": "F5 Container Ingress Services\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4e00\u6b3e\u4e3a\u5bb9\u5668\u90e8\u7f72\u63d0\u4f9b\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u7684\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u63d0\u4f9bIngress\u63a7\u5236HTTP\u8def\u7531\u3001\u8d1f\u8f7d\u5e73\u8861\u548c\u5e94\u7528\u7a0b\u5e8f\u4ea4\u4ed8\u7b49\u529f\u80fd\u3002\n\nF5 Container Ingress Services\uff08\u7528\u4e8eKubernetes\u548cRed Hat OpenShift\uff09k8s-bigip-ctlr:1.9.0\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6CIS\u670d\u52a1\u7684\u65e5\u5fd7\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.f5.com/csp/article/K74327432",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-44761",
  "openTime": "2019-12-11",
  "patchDescription": "F5 Container Ingress Services\u662f\u7f8e\u56fdF5\u516c\u53f8\u7684\u4e00\u6b3e\u4e3a\u5bb9\u5668\u90e8\u7f72\u63d0\u4f9b\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u7684\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u63d0\u4f9bIngress\u63a7\u5236HTTP\u8def\u7531\u3001\u8d1f\u8f7d\u5e73\u8861\u548c\u5e94\u7528\u7a0b\u5e8f\u4ea4\u4ed8\u7b49\u529f\u80fd\u3002\r\n\r\nF5 Container Ingress Services\uff08\u7528\u4e8eKubernetes\u548cRed Hat OpenShift\uff09k8s-bigip-ctlr:1.9.0\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6CIS\u670d\u52a1\u7684\u65e5\u5fd7\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "F5 Container Ingress Services\u65e5\u5fd7\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "F5 Container Ingress Services 1.9.0"
  },
  "referenceLink": "https://www.auscert.org.au/bulletins/ESB-2019.3055/",
  "serverity": "\u4f4e",
  "submitTime": "2019-08-12",
  "title": "F5 Container Ingress Services\u65e5\u5fd7\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

ghsa-jmpc-vpwq-88q3

Vulnerability from github

Published

2022-05-24 16:55

Modified

2023-02-03 21:30

Severity ?

4.4 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-6648"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-09-04T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.",
  "id": "GHSA-jmpc-vpwq-88q3",
  "modified": "2023-02-03T21:30:35Z",
  "published": "2022-05-24T16:55:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6648"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K74327432"
    },
    {
      "type": "WEB",
      "url": "https://support.f5.com/csp/article/K74327432?utm_source=f5support\u0026amp;utm_medium=RSS"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-6648 (GCVE-0-2019-6648)

Vulnerability from cvelistv5

fkie_cve-2019-6648

Vulnerability from fkie_nvd

var-201909-0069

Vulnerability from variot

gsd-2019-6648

Vulnerability from gsd

cnvd-2019-44761

Vulnerability from cnvd

ghsa-jmpc-vpwq-88q3

Vulnerability from github

Tags

Sightings

Nomenclature