Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-dxej-zg13-63ff
Summary
Kubernetes did not effectively clear service account credentials
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig().
Aliases
0
alias CVE-2019-11243
1
alias GHSA-gc2p-g4fg-29vh
Fixed_packages
0
url pkg:deb/debian/kubernetes@0?distro=trixie
purl pkg:deb/debian/kubernetes@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@0%3Fdistro=trixie
1
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42kp-8t9h-dfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1%3Fdistro=trixie
2
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1.1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
purl pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.32.3%252Bds-2%3Fdistro=trixie
4
url pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.33.4%252Bds-1%3Fdistro=trixie
5
url pkg:golang/k8s.io/kubernetes@1.12.5
purl pkg:golang/k8s.io/kubernetes@1.12.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.12.5
6
url pkg:golang/k8s.io/kubernetes@1.13.1
purl pkg:golang/k8s.io/kubernetes@1.13.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.13.1
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11243.json
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11243.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11243
reference_id
reference_type
scores
0
value 0.00238
scoring_system epss
scoring_elements 0.46924
published_at 2026-04-24T12:55:00Z
1
value 0.00238
scoring_system epss
scoring_elements 0.46935
published_at 2026-04-09T12:55:00Z
2
value 0.00238
scoring_system epss
scoring_elements 0.46882
published_at 2026-04-07T12:55:00Z
3
value 0.00238
scoring_system epss
scoring_elements 0.46936
published_at 2026-04-08T12:55:00Z
4
value 0.00238
scoring_system epss
scoring_elements 0.46959
published_at 2026-04-11T12:55:00Z
5
value 0.00238
scoring_system epss
scoring_elements 0.46932
published_at 2026-04-12T12:55:00Z
6
value 0.00238
scoring_system epss
scoring_elements 0.46939
published_at 2026-04-21T12:55:00Z
7
value 0.00238
scoring_system epss
scoring_elements 0.46995
published_at 2026-04-16T12:55:00Z
8
value 0.00238
scoring_system epss
scoring_elements 0.4699
published_at 2026-04-18T12:55:00Z
9
value 0.00238
scoring_system epss
scoring_elements 0.46881
published_at 2026-04-01T12:55:00Z
10
value 0.00238
scoring_system epss
scoring_elements 0.46918
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11243
2
reference_url https://github.com/kubernetes/kubernetes
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes
3
reference_url https://github.com/kubernetes/kubernetes/issues/76797
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/76797
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11243
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11243
5
reference_url https://security.netapp.com/advisory/ntap-20190509-0002
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190509-0002
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1703218
reference_id 1703218
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1703218
Weaknesses
0
cwe_id 212
name Improper Removal of Sensitive Information Before Storage or Transfer
description The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
1
cwe_id 271
name Privilege Dropping / Lowering Errors
description The product does not drop privileges before passing control of a resource to an actor that does not have those privileges.
2
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Exploits
Severity_range_score 3.1 - 8.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dxej-zg13-63ff