VYPR
Moderate severity · NVD Advisory · Published Aug 29, 2019 · Updated Sep 17, 2024

Kubernetes client-go logs authorization headers at debug verbosity levels

CVE-2019-11250

Description

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.
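As an added example (not code from client-go or Kubernetes), this is one way a Go HTTP client can keep credentials out of request-header debug logging of the kind described above: mask authentication header values before they are formatted for the log. The header set, the function names and the token are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"sort"
	"strings"
)

// sensitiveHeaders is an assumed set of headers whose values must never reach a log sink.
var sensitiveHeaders = map[string]bool{"Authorization": true, "Proxy-Authorization": true}

// maskValue keeps the auth scheme (useful when debugging) and hides the credential.
func maskValue(key, value string) string {
	if !sensitiveHeaders[http.CanonicalHeaderKey(key)] {
		return value
	}
	scheme, _, ok := strings.Cut(value, " ")
	if ok && (strings.EqualFold(scheme, "Basic") || strings.EqualFold(scheme, "Bearer")) {
		return scheme + " <masked>"
	}
	return "<masked>" // unknown scheme or bare token: hide the whole value
}

// loggableHeaders renders headers as sorted "Key: value" lines with secrets masked.
func loggableHeaders(h http.Header) []string {
	keys := make([]string, 0, len(h))
	for k := range h {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	var lines []string
	for _, k := range keys {
		for _, v := range h[k] {
			lines = append(lines, fmt.Sprintf("%s: %s", k, maskValue(k, v)))
		}
	}
	return lines
}

func main() {
	// Constructed request headers; the token is a placeholder, not a real credential.
	h := http.Header{}
	h.Set("Authorization", "Bearer EXAMPLE-TOKEN-NOT-REAL")
	h.Set("Accept", "application/json")
	for _, line := range loggableHeaders(h) {
		fmt.Println(line)
	}
}
```

Masking at the point where headers are formatted protects every log sink at once, which matters because verbosity is often raised temporarily during troubleshooting.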

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| k8s.io/client-go (Go) | < 0.17.0 | 0.17.0 |
| k8s.io/kubernetes (Go) | < 1.16.0-beta.1 | 1.16.0-beta.1 |
