CVE-2019-11250

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.

| Provider | Type | Base Score | Attack Vector | Attack Complexity | Privileges Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.5 MEDIUM | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| kubernetes | CNA | 4.7 MEDIUM | LOCAL | HIGH | LOW | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CVE | ADP | --- | --- | | | |

EPSS Score: Percentile: 74%

| Vendor | Product | Version |
|---|---|---|
| kubernetes | kubernetes | 𝑥 < 1.15.3 |
| kubernetes | kubernetes | 1.15.3 |
| kubernetes | kubernetes | 1.15.4:beta0 |
| kubernetes | kubernetes | 1.16.0:alpha1 |
| kubernetes | kubernetes | 1.16.0:alpha2 |
| kubernetes | kubernetes | 1.16.0:alpha3 |
| kubernetes | kubernetes | 1.16.0:beta1 |
| kubernetes | kubernetes | 1.16.0:beta2 |
| redhat | openshift_container_platform | 3.11 |
| redhat | openshift_container_platform | 4.1 |

𝑥 = Vulnerable software versions

Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| kubernetes | bullseye | 1.20.5+really1.20.2-1 | fixed |
| kubernetes | sid | 1.20.5+really1.20.2-1.1 | fixed |
| kubernetes | trixie | 1.20.5+really1.20.2-1.1 | fixed |
| kubernetes | bookworm | 1.20.5+really1.20.2-1.1 | fixed |

Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| kubernetes | disco | not-affected |
| kubernetes | bionic | dne |
| kubernetes | xenial | dne |
| kubernetes | trusty | dne |