Vulnerability Report: GO-2021-0064

CVE-2020-8565, GHSA-8cfg-vx93-jvxw
Affects: k8s.io/client-go, k8s.io/kubernetes
Published: Apr 14, 2021
Modified: Dec 14, 2023

Authorization tokens may be inappropriately logged if the verbosity level is set to a debug level. This is due to an incomplete fix for CVE-2019-11250.

Affected Packages

Path

Versions

Symbols
k8s.io/client-go/transport

before v0.20.0-alpha.2

all symbols
k8s.io/kubernetes/staging/src/k8s.io/client-go/transport

before v1.20.0-alpha.2

all symbols

Aliases

CVE-2020-8565
GHSA-8cfg-vx93-jvxw

References

https://github.com/kubernetes/kubernetes/pull/95316
https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419
https://github.com/kubernetes/kubernetes/issues/95623
https://vuln.go.dev/ID/GO-2021-0064.json

Credits

@sfowl

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL