The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
kubernetes kubernetes 1.16.0 |
||
kubernetes kubernetes |
||
kubernetes kubernetes 1.15.4 |
||
kubernetes kubernetes 1.15.3 |
||
redhat openshift container platform 3.11 |
||
redhat openshift container platform 4.1 |