CVE-2019-9946: Kubernetes affecting certain network configurations with CNI
Cloud Foundry Foundation
Affected Cloud Foundry Products and Versions
- Cloud Foundry Container Runtime (CFCR)
- All versions prior to 0.31.0
A security issue was discovered with interactions between the CNI (Container Networking Interface) portmap plugin versions prior to 0.7.5 and Kubernetes. The CNI portmap plugin is embedded into Kubernetes releases so new releases of Kubernetes are required to fix this issue. The issue is Medium and upgrading to Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0 is encouraged to fix this issue if this plugin is used in your environment.
Users of affected versions should apply the following mitigations or upgrades:
- Releases that have fixed this issue include:
- CFCR version 0.31.0
2019-04-01: Initial vulnerability report published.