Exposure of BIG-IP Secrets in F5 Container Ingress Service (CIS) and Red Hat OpenShift (k8s-bigip-ctlr) Log Files

CVE-2019-6648

On version 1.9.0, If DEBUG logging is enable, F5 Container Ingress Service (CIS) for Kubernetes and Red Hat OpenShift (k8s-bigip-ctlr) log files may contain BIG-IP secrets such as SSL Private Keys and Private key Passphrases as provided as inputs by an AS3 Declaration.

Learn more about our Cis Benchmark Audit For F5.