PT-2023-16268 · Mongodb · Mongodb Atlas Kubernetes Operator

Published: 2023-11-07 · Updated: 2023-11-14 · CVE-2023-0436

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: MongoDB Atlas Kubernetes Operator versions 1.5.0 through 1.7.0

Description: The issue affects MongoDB Atlas Kubernetes Operator, causing it to print sensitive information, such as GCP service account keys and API integration secrets, to its logs when DEBUG mode logging is enabled. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents in which this issue was exploited. The issue is tied to the logging configuration: it occurs only when DEBUG logging is enabled, which is not the default setting. No API endpoints are explicitly involved; the logging configuration can be reviewed in the deployment configuration, for example in the manager.yaml file.

Recommendations: For versions 1.5.0 through 1.7.0, upgrade to the latest supported version to resolve the issue. As a temporary workaround, disable DEBUG mode logging until a patched version is deployed. Review the log level of the Operator by checking the flags passed to it in the deployment configuration and confirm that DEBUG logging is not enabled.
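The review step above (inspect the flags passed to the Operator in its Deployment and confirm DEBUG logging is off) can be automated against the JSON that `kubectl get deployment -o json` returns. The following script is an added example and is not code from the advisory or from the MongoDB project. It assumes the log level is passed as a `--log-level` argument (in either `--log-level=debug` or `--log-level debug` form) or as a `LOG_LEVEL` environment variable; both names are assumptions, and the embedded Deployment document is a constructed sample, not the real operator manifest.

```python
import json
from typing import List

# Constructed sample of the shape `kubectl get deployment <name> -n <ns> -o json`
# returns, reduced to the fields the check needs. The container args and env
# values are illustrative only (one container deliberately enables debug logging).
SAMPLE_DEPLOYMENT_JSON = """
{
  "kind": "Deployment",
  "metadata": {"name": "mongodb-atlas-operator", "namespace": "mongodb-atlas-system"},
  "spec": {
    "template": {
      "spec": {
        "containers": [
          {
            "name": "manager",
            "command": ["/manager"],
            "args": ["--atlas-domain=https://cloud.mongodb.com/", "--log-level=debug"],
            "env": [{"name": "LOG_LEVEL", "value": "info"}]
          },
          {
            "name": "sidecar-example",
            "args": ["--log-level", "info"]
          }
        ]
      }
    }
  }
}
"""

# Log levels treated as "too verbose". "trace" is included as an assumption:
# any level more verbose than debug would expose the same material.
VERBOSE_LEVELS = {"debug", "trace"}


def debug_logging_findings(deployment: dict,
                           flag: str = "--log-level",
                           env_var: str = "LOG_LEVEL") -> List[str]:
    """Return one finding per container that enables debug-level logging.

    `flag` and `env_var` are assumed names for how the level is configured;
    the advisory only says to review the flags in the deployment configuration.
    Both `--log-level=debug` and `--log-level debug` spellings are handled.
    """
    findings: List[str] = []
    containers = (deployment.get("spec", {})
                            .get("template", {})
                            .get("spec", {})
                            .get("containers", []))
    for container in containers:
        name = container.get("name", "<unnamed>")
        argv = list(container.get("command", [])) + list(container.get("args", []))
        for i, arg in enumerate(argv):
            if arg.startswith(flag + "="):
                level = arg.split("=", 1)[1]          # --log-level=debug
            elif arg == flag and i + 1 < len(argv):
                level = argv[i + 1]                   # --log-level debug
            else:
                continue
            if level.strip().lower() in VERBOSE_LEVELS:
                findings.append(f"{name}: arg {arg!r} sets log level {level!r}")
        for env in container.get("env", []):
            value = str(env.get("value", ""))
            if env.get("name") == env_var and value.strip().lower() in VERBOSE_LEVELS:
                findings.append(f"{name}: env {env_var}={value!r}")
    return findings


def check_deployment_json(text: str) -> List[str]:
    """Parse the JSON text of a Deployment and return the debug-logging findings."""
    return debug_logging_findings(json.loads(text))


if __name__ == "__main__":
    # Run against the constructed sample; pipe real `kubectl ... -o json` output
    # through the same function to audit a live cluster.
    for finding in check_deployment_json(SAMPLE_DEPLOYMENT_JSON):
        print("DEBUG logging enabled ->", finding)
```

An empty result is the desired state for an Operator in the affected version range; any finding means the workaround from the advisory (turn DEBUG logging off) has not been applied to that container.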

Fix

Weakness Enumeration: Insertion into Log File

Related Identifiers: CVE-2023-0436

Affected Products: Mongodb Atlas Kubernetes Operator