Sensitive Information leak via Log File in Kubernetes
Moderate severity
GitHub Reviewed
Published
Apr 24, 2024
to the GitHub Advisory Database
•
Updated Apr 24, 2024
Package
Affected versions
< 1.19.3
Patched versions
1.19.3
Description
Published to the GitHub Advisory Database
Apr 24, 2024
Reviewed
Apr 24, 2024
Last updated
Apr 24, 2024
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.
References