CVE-2019-11250 (Medium) detected in multiple libraries #3
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2019-11250 - Medium Severity Vulnerability
k8s.io/client-go/transport-kubernetes-1.15.0
Go client for Kubernetes.
Dependency Hierarchy:
k8s.io/client-go/kubernetes/typed/node/v1alpha1-v12.0.0
Go client for Kubernetes.
Dependency Hierarchy:
k8s.io/client-go/dynamic-v12.0.0
Go client for Kubernetes.
Dependency Hierarchy:
k8s.io/client-go/kubernetes/typed/node/v1beta1-v12.0.0
Go client for Kubernetes.
Dependency Hierarchy:
k8s.io/client-go/kubernetes/typed/networking/v1beta1-v12.0.0
Go client for Kubernetes.
Dependency Hierarchy:
Found in HEAD commit: e6da2b93014fd481cd513e40af9bcf1ec77c893b
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.
Publish Date: 2019-08-29
URL: CVE-2019-11250
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11250
Release Date: 2019-08-29
Fix Resolution: 1.16.0
The text was updated successfully, but these errors were encountered: