Details of VAR-201909-0069

ID

VAR-201909-0069

CVE

CVE-2019-6648

TITLE

F5 Container Ingress Service and Red Hat OpenShift Vulnerable to information disclosure from log files

Trust: 0.8

sources: JVNDB: JVNDB-2019-008869

DESCRIPTION

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration. F5 Container Ingress Services is a product of the US company F5 that provides application services for container deployment. This product mainly provides functions such as Ingress control HTTP routing, load balancing and application delivery. An attacker could exploit this vulnerability to retrieve this information

Trust: 1.8

sources: NVD: CVE-2019-6648 // JVNDB: JVNDB-2019-008869 // VULHUB: VHN-158083 // VULMON: CVE-2019-6648

AFFECTED PRODUCTS

vendor:	redhat	model:	openshift	scope:	eq	version:	-	Trust: 1.0
vendor:	f5	model:	container ingress service	scope:	eq	version:	1.9.0	Trust: 1.0
vendor:	f5	model:	container ingress services	scope:	eq	version:	1.9.0	Trust: 0.8
vendor:	red hat	model:	openshift	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2019-008869 // NVD: CVE-2019-6648

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-6648
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2019-6648
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201908-668
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-158083
value:	LOW
Trust: 0.1
VULMON:	CVE-2019-6648
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2019-6648
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-158083
severity:	LOW
baseScore:	1.9
vectorString:	AV:L/AC:M/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-6648
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-6648
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-158083 // VULMON: CVE-2019-6648 // JVNDB: JVNDB-2019-008869 // CNNVD: CNNVD-201908-668 // NVD: CVE-2019-6648

PROBLEMTYPE DATA

problemtype:

CWE-532

Trust: 1.9

sources: VULHUB: VHN-158083 // JVNDB: JVNDB-2019-008869 // NVD: CVE-2019-6648

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201908-668

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-201908-668

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-008869

PATCH

title:	Red Hat OpenShift	url:	https://www.redhat.com/ja/technologies/cloud-computing/openshift	Trust: 0.8
title:	K74327432	url:	https://support.f5.com/csp/article/K74327432	Trust: 0.8
title:	F5 Container Ingress Services Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=96365	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2019-6648	Trust: 0.1

sources: VULMON: CVE-2019-6648 // JVNDB: JVNDB-2019-008869 // CNNVD: CNNVD-201908-668

EXTERNAL IDS

db:	NVD	id:	CVE-2019-6648	Trust: 2.6
db:	JVNDB	id:	JVNDB-2019-008869	Trust: 0.8
db:	CNNVD	id:	CNNVD-201908-668	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.3055	Trust: 0.6
db:	VULHUB	id:	VHN-158083	Trust: 0.1
db:	VULMON	id:	CVE-2019-6648	Trust: 0.1

sources: VULHUB: VHN-158083 // VULMON: CVE-2019-6648 // JVNDB: JVNDB-2019-008869 // CNNVD: CNNVD-201908-668 // NVD: CVE-2019-6648

REFERENCES

url:	https://support.f5.com/csp/article/k74327432	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-6648	Trust: 1.4
url:	https://support.f5.com/csp/article/k74327432?utm_source=f5support&amp%3butm_medium=rss	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6648	Trust: 0.8
url:	https://support.f5.com/csp/article/k74327432?utm_source=f5support&utm_medium=rss	Trust: 0.7
url:	https://www.auscert.org.au/bulletins/esb-2019.3055/	Trust: 0.6
url:	https://support.f5.com/csp/article/k74327432?utm_source=f5support&amp;utm_medium=rss	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/532.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2019-6648	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-158083 // VULMON: CVE-2019-6648 // JVNDB: JVNDB-2019-008869 // CNNVD: CNNVD-201908-668 // NVD: CVE-2019-6648

SOURCES

db:	VULHUB	id:	VHN-158083
db:	VULMON	id:	CVE-2019-6648
db:	JVNDB	id:	JVNDB-2019-008869
db:	CNNVD	id:	CNNVD-201908-668
db:	NVD	id:	CVE-2019-6648

LAST UPDATE DATE

2024-08-14T14:56:45.695000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-158083	date:	2023-02-03T00:00:00
db:	VULMON	id:	CVE-2019-6648	date:	2023-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-008869	date:	2019-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201908-668	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2019-6648	date:	2023-11-07T03:13:13.693

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-158083	date:	2019-09-04T00:00:00
db:	VULMON	id:	CVE-2019-6648	date:	2019-09-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-008869	date:	2019-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201908-668	date:	2019-08-12T00:00:00
db:	NVD	id:	CVE-2019-6648	date:	2019-09-04T16:15:11.060