x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: CVE-2019-11252

[tatianab]

CVE-2019-11252 references github.com/kubernetes/kubernetes, which may be a Go module.

Description:
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-11252
• fix: Update AzureFile and CephFS to use MountSensitive kubernetes/kubernetes#88684
• Imported by: https://pkg.go.dev/github.com/kubernetes/kubernetes?tab=importedby

Cross references:

• Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/kubectl/cmd/cp: GHSA-34jx-wx69-9x8v #782 NOT_IMPORTABLE
• Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-579h-mv94-g4gp #792 NOT_IMPORTABLE
• Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/kubectl/cmd/cp: GHSA-6qfg-8799-r575 #802 NOT_IMPORTABLE
• Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-mqf3-28j7-3mj6 #857 NOT_IMPORTABLE
• Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/kubelet/server: GHSA-qhm4-jxv7-j9pq #867 NOT_IMPORTABLE
• Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/volume/storageos: GHSA-x6mj-w4jf-jmgw #890 NOT_IMPORTABLE
• Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/apiserver: GHSA-xx8c-m748-xr4j #893 NOT_IMPORTABLE
• Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-2394-5535-8j88 #1628 NOT_IMPORTABLE
• Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-jh36-q97c-9928 #1629 NOT_IMPORTABLE
• Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: CVE-2021-25736 #2159 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/kubernetes/kubernetes
      vulnerable_at: 1.28.3
      packages:
        - package: Kubernetes
cves:
    - CVE-2019-11252
credits:
    - Christopher J. Ruwe
references:
    - fix: https://github.com/kubernetes/kubernetes/pull/88684

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports