5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-11244

GHSA ID

GHSA-2575-pghm-6qqx

EPSS Score

0.2905%

CWE

CWE-524

Published

2/15/2022

Updated

9/18/2023

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-11244

CVE-2019-11244: Kubernetes Unsafe Cacheing

In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.

(GitHub Advisory)

5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2019-11244

GHSA ID

GHSA-2575-pghm-6qqx

EPSS Score

0.2905%

CWE

CWE-524

Published

2/15/2022

Updated

9/18/2023

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
k8s.io/client-go	go	>= 1.8.0, < 1.12.9	1.12.9

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from two key issues: 1) Cache directories created with 0755 permissions allowed world-write access, 2) Cache files created with 0666 permissions. The core vulnerable functions are those handling filesystem operations in the discovery/cached/disk package. Confidence is high because: 1) The GitHub commit f228ae3 explicitly shows permission changes from 0755->0750 and 0666->0660 in these functions 2) CVE description matches the patched file permissions 3) Added test cases in cached_discovery_test.go and round_tripper_test.go specifically validate permission fixes 4) Red Hat advisories reference these client-go components as vulnerable vectors.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In Ku**rn*t*s v*.*.x-v*.**.x, s***m* in*o is ****** *y ku***tl in t** lo**tion sp**i*i** *y `--*****-*ir` (****ultin* to `$*OM*/.ku**/*ttp-*****`), writt*n wit* worl*-writ***l* p*rmissions (`rw-rw-rw-`). I* `--*****-*ir` is sp**i*i** *n* point** *t *

Reasoning

T** vuln*r**ility st*mm** *rom two k*y issu*s: *) ***** *ir**tori*s *r**t** wit* **** p*rmissions *llow** worl*-writ* ****ss, *) ***** *il*s *r**t** wit* **** p*rmissions. T** *or* vuln*r**l* *un*tions *r* t*os* **n*lin* *il*syst*m op*r*tions in t**

5

Basic Information

Concerned about an active attack path?

CVE-2019-11244: Kubernetes Unsafe Cacheing

5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI