Vulnerability Report: GO-2021-0064
- CVE-2020-8565, GHSA-8cfg-vx93-jvxw
- Affects: k8s.io/client-go
- Published: Apr 14, 2021
- Modified: Jul 19, 2024
Authorization tokens may be inappropriately logged if the verbosity level is set to a debug level. This is due to an incomplete fix for CVE-2019-11250.
Affected Packages
-
PathGo VersionsSymbols
-
before v0.20.0-alpha.2
6 unexported affected symbols
- basicAuthRoundTripper.RoundTrip
- bearerAuthRoundTripper.RoundTrip
- debuggingRoundTripper.RoundTrip
- impersonatingRoundTripper.RoundTrip
- requestInfo.toCurl
- userAgentRoundTripper.RoundTrip
Aliases
References
- https://github.com/kubernetes/kubernetes/pull/95316
- https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419
- https://github.com/kubernetes/kubernetes/issues/95623
- https://vuln.go.dev/ID/GO-2021-0064.json
Credits
- @sfowl
Feedback
See anything missing or incorrect?
Suggest an edit to this report.