Vulnerability Database
289,697
Total vulnerabilities in the database
CVE-2019-11250
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.
| Software | From | Fixed in |
|---|---|---|
| kubernetes / kubernetes | - | 1.15.3 |
| kubernetes / kubernetes | 1.15.3 | 1.15.3.x |
| kubernetes / kubernetes | 1.15.4-beta0 | 1.15.4-beta0.x |
| kubernetes / kubernetes | 1.16.0-alpha1 | 1.16.0-alpha1.x |
| kubernetes / kubernetes | 1.16.0-alpha2 | 1.16.0-alpha2.x |
| kubernetes / kubernetes | 1.16.0-alpha3 | 1.16.0-alpha3.x |
| kubernetes / kubernetes | 1.16.0-beta1 | 1.16.0-beta1.x |
| kubernetes / kubernetes | 1.16.0-beta2 | 1.16.0-beta2.x |
| redhat / openshift_container_platform | 3.11 | 3.11.x |
| redhat / openshift_container_platform | 4.1 | 4.1.x |
k8s.io/client-go/transport
|
- | 0.17.0 |
|
k8s.io/kubernetes/staging/src/k8s.io/client-go/transport
|
- | 1.16.0-beta.1 |
|
k8s.io/client-go
|
- | 0.17.0 |
|
k8s.io/kubernetes
|
- | 1.16.0-beta.1 |
- http://www.openwall.com/lists/oss-security/2020/10/16/2
- https://access.redhat.com/errata/RHSA-2019:4052
- https://access.redhat.com/errata/RHSA-2019:4087
- https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245
- https://github.com/kubernetes/kubernetes/issues/81114
- https://github.com/kubernetes/kubernetes/pull/81330
- https://pkg.go.dev/vuln/GO-2021-0065
- https://security.netapp.com/advisory/ntap-20190919-0003/