Incorrect Permission Assignment for Critical Resource Affecting openshift-clients-redistributable package, versions <0:4.1.24-201911080309.git.0.c41acf2.el8
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL8-OPENSHIFTCLIENTSREDISTRIBUTABLE-4403078
- published 26 Mar 2023
- disclosed 22 Apr 2019
Introduced: 22 Apr 2019
CVE-2019-11244 Open this link in a new tabHow to fix?
Upgrade RHEL:8 openshift-clients-redistributable to version 0:4.1.24-201911080309.git.0.c41acf2.el8 or higher.
This issue was patched in RHSA-2019:3942.
NVD Description
Note: Versions mentioned in the description apply only to the upstream openshift-clients-redistributable package and not the openshift-clients-redistributable package as distributed by RHEL.
See How to fix? for RHEL:8 relevant fixed versions and status.
In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to $HOME/.kube/http-cache), written with world-writeable permissions (rw-rw-rw-). If --cache-dir is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.