CVE-2019-11250

Summary

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetesprior to 1.16affected

Weaknesses

  • CWE-532: CWE-532: Inclusion of Sensitive Information in Log Files

Workarounds

lower log verbosity levels to <= 6

ADP Enrichment

CVE Program Container

Additional References

References