cncf portmap CVE-2019-9946 vulnerability in Cncf and Other Products
Published on April 2, 2019

product logo product logo product logo
Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.

Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2019-9946

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-9946 are published in these products:

Cncf Portmap
 
Kubernetes
 
NetApp Cloud Insights
 

Exploit Probability

EPSS
0.19%
Percentile
40.68%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.