ID

VAR-201909-0069


CVE

CVE-2019-6648


TITLE

F5 Container Ingress Service and Red Hat OpenShift Vulnerable to information disclosure from log files

Trust: 0.8

sources: JVNDB: JVNDB-2019-008869

DESCRIPTION

In version 1.9.0, if DEBUG logging is enabled, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL private keys and private key passphrases provided as inputs by an AS3 Declaration. F5 Container Ingress Services is a product of the US company F5 that provides application services for container deployments. The product mainly provides Ingress control functions such as HTTP routing, load balancing and application delivery. An attacker could exploit this vulnerability to retrieve this information.

Trust: 1.8

sources: NVD: CVE-2019-6648 // JVNDB: JVNDB-2019-008869 // VULHUB: VHN-158083 // VULMON: CVE-2019-6648

AFFECTED PRODUCTS

vendor: redhat, model: openshift, scope: eq, version: -

Trust: 1.0

vendor: f5, model: container ingress service, scope: eq, version: 1.9.0

Trust: 1.0

vendor: f5, model: container ingress services, scope: eq, version: 1.9.0

Trust: 0.8

vendor: red hat, model: openshift, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2019-008869 // NVD: CVE-2019-6648

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-6648
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-6648
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201908-668
value: MEDIUM

Trust: 0.6

VULHUB: VHN-158083
value: LOW

Trust: 0.1

VULMON: CVE-2019-6648
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-6648
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-158083
severity: LOW
baseScore: 1.9
vectorString: AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-6648
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-6648
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-158083 // VULMON: CVE-2019-6648 // JVNDB: JVNDB-2019-008869 // CNNVD: CNNVD-201908-668 // NVD: CVE-2019-6648

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.9

sources: VULHUB: VHN-158083 // JVNDB: JVNDB-2019-008869 // NVD: CVE-2019-6648

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-668

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201908-668

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008869

PATCH

title: Red Hat OpenShift, url: https://www.redhat.com/ja/technologies/cloud-computing/openshift

Trust: 0.8

title: K74327432, url: https://support.f5.com/csp/article/K74327432

Trust: 0.8

title: F5 Container Ingress Services Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96365

Trust: 0.6

title: -, url: https://github.com/Live-Hack-CVE/CVE-2019-6648

Trust: 0.1

sources: VULMON: CVE-2019-6648 // JVNDB: JVNDB-2019-008869 // CNNVD: CNNVD-201908-668

EXTERNAL IDS

db: NVD, id: CVE-2019-6648

Trust: 2.6

db: JVNDB, id: JVNDB-2019-008869

Trust: 0.8

db: CNNVD, id: CNNVD-201908-668

Trust: 0.7

db: AUSCERT, id: ESB-2019.3055

Trust: 0.6

db: VULHUB, id: VHN-158083

Trust: 0.1

db: VULMON, id: CVE-2019-6648

Trust: 0.1

sources: VULHUB: VHN-158083 // VULMON: CVE-2019-6648 // JVNDB: JVNDB-2019-008869 // CNNVD: CNNVD-201908-668 // NVD: CVE-2019-6648

REFERENCES

url:https://support.f5.com/csp/article/k74327432

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-6648

Trust: 1.4

url:https://support.f5.com/csp/article/k74327432?utm_source=f5support&amp%3butm_medium=rss

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6648

Trust: 0.8

url:https://support.f5.com/csp/article/k74327432?utm_source=f5support&utm_medium=rss

Trust: 0.7

url:https://www.auscert.org.au/bulletins/esb-2019.3055/

Trust: 0.6

url:https://support.f5.com/csp/article/k74327432?utm_source=f5support&utm_medium=rss

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/532.html

Trust: 0.1

url:https://github.com/live-hack-cve/cve-2019-6648

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-158083 // VULMON: CVE-2019-6648 // JVNDB: JVNDB-2019-008869 // CNNVD: CNNVD-201908-668 // NVD: CVE-2019-6648

SOURCES

db: VULHUB, id: VHN-158083
db: VULMON, id: CVE-2019-6648
db: JVNDB, id: JVNDB-2019-008869
db: CNNVD, id: CNNVD-201908-668
db: NVD, id: CVE-2019-6648

LAST UPDATE DATE

2024-08-14T14:56:45.695000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-158083, date: 2023-02-03T00:00:00
db: VULMON, id: CVE-2019-6648, date: 2023-02-03T00:00:00
db: JVNDB, id: JVNDB-2019-008869, date: 2019-09-06T00:00:00
db: CNNVD, id: CNNVD-201908-668, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2019-6648, date: 2023-11-07T03:13:13.693

SOURCES RELEASE DATE

db: VULHUB, id: VHN-158083, date: 2019-09-04T00:00:00
db: VULMON, id: CVE-2019-6648, date: 2019-09-04T00:00:00
db: JVNDB, id: JVNDB-2019-008869, date: 2019-09-06T00:00:00
db: CNNVD, id: CNNVD-201908-668, date: 2019-08-12T00:00:00
db: NVD, id: CVE-2019-6648, date: 2019-09-04T16:15:11.060