PT-2019-12216 · Kubernetes+1

Published: 2019-08-29 · Updated: 2022-05-24 · CVE-2019-11250

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Kubernetes components versions prior to 1.16.0

Description: The issue concerns the logging of request headers in the Kubernetes client-go library at high verbosity levels, which can lead to the disclosure of credentials to unauthorized users via logs or command output. This affects components that use basic or bearer token authentication and run at high verbosity levels.

Recommendations: For versions prior to 1.16.0, consider reducing the verbosity level to prevent sensitive information from being logged. As a temporary workaround, restrict access to log files to minimize the risk of exploitation. Avoid running affected components at high verbosity levels until the issue is resolved.
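
To check whether logs already collected from affected components contain credentials, the following added example (not part of the original advisory and not client-go code) scans log text for Authorization headers carrying Basic or Bearer values and reports each hit with the value masked. The names `ScanLog`, `Finding` and `sampleLog` are hypothetical, and the log line layout is an assumption constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// credHeader matches an Authorization header with a Basic or Bearer value,
// either on its own line or inside a quoted curl-style -H argument.
// Group 1 is the prefix that is kept; the credential itself is dropped.
var credHeader = regexp.MustCompile(`(?i)(authorization:\s*(?:basic|bearer)\s+)[A-Za-z0-9._~+/=-]+`)

// Finding records where a credential appeared in the log text.
type Finding struct {
	Line     int    // 1-based line number
	Redacted string // the line with the credential value masked
}

// ScanLog returns one Finding per line that contains a credential.
// bufio.Scanner stops at lines over 64 KiB; raise its buffer for such logs.
func ScanLog(log string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(log))
	for n := 1; sc.Scan(); n++ {
		line := sc.Text()
		if credHeader.MatchString(line) {
			masked := credHeader.ReplaceAllString(line, "${1}<masked>")
			out = append(out, Finding{Line: n, Redacted: masked})
		}
	}
	return out
}

// sampleLog is constructed for this example; it is not real component output.
const sampleLog = `I0829 10:00:01 request.go:1] GET https://apiserver.example/api/v1/pods
I0829 10:00:01 request.go:2]     Accept: application/json
I0829 10:00:01 request.go:3]     Authorization: Bearer CONSTRUCTED.token-123
I0829 10:00:02 request.go:4] curl -k -H "Authorization: Basic Q09OU1RSVUNURUQ=" 'https://apiserver.example/'
I0829 10:00:03 request.go:5] Response Status: 200 OK`

func main() {
	for _, f := range ScanLog(sampleLog) {
		fmt.Printf("line %d: %s\n", f.Line, f.Redacted)
	}
}
```

Any credential found this way should be treated as exposed and rotated, since masking the log afterwards does not undo earlier reads of the file.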

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2792
ALT-PU-2019-2794
CVE-2019-11250
GHSA-JMRX-5G74-6V2F
GO-2021-0065
RHSA-2019:4052
RHSA-2019:4087

Affected Products

Alt Linux
Kubernetes