x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-5x96-j797-5qqw #2754

GoVulnBot · 2024-04-24T21:01:41Z

In GitHub Security Advisory GHSA-5x96-j797-5qqw, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/kubernetes/kubernetes	1.19.3	>= 1.19.0, < 1.19.3

Cross references:

Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/kubectl/cmd/cp: GHSA-34jx-wx69-9x8v #782 NOT_IMPORTABLE
Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-579h-mv94-g4gp #792 NOT_IMPORTABLE
Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/kubectl/cmd/cp: GHSA-6qfg-8799-r575 #802 NOT_IMPORTABLE
Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-mqf3-28j7-3mj6 #857 NOT_IMPORTABLE
Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/kubelet/server: GHSA-qhm4-jxv7-j9pq #867 NOT_IMPORTABLE
Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/volume/storageos: GHSA-x6mj-w4jf-jmgw #890 NOT_IMPORTABLE
Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes/pkg/apiserver: GHSA-xx8c-m748-xr4j #893 NOT_IMPORTABLE
Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-2394-5535-8j88 #1628 NOT_IMPORTABLE
Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-jh36-q97c-9928 #1629 NOT_IMPORTABLE
Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: CVE-2021-25736 #2159 NOT_IMPORTABLE
Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: CVE-2019-11246 #2230 LEGACY_FALSE_POSITIVE
Module github.com/kubernetes/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: CVE-2019-11252 #2231 LEGACY_FALSE_POSITIVE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/kubernetes/kubernetes
      versions:
        - introduced: 1.19.0
          fixed: 1.19.3
      packages:
        - package: github.com/kubernetes/kubernetes
    - module: github.com/kubernetes/kubernetes
      versions:
        - introduced: 1.18.0
          fixed: 1.18.10
      packages:
        - package: github.com/kubernetes/kubernetes
    - module: github.com/kubernetes/kubernetes
      versions:
        - fixed: 1.17.13
      packages:
        - package: github.com/kubernetes/kubernetes
summary: Sensitive Information leak via Log File in Kubernetes in github.com/kubernetes/kubernetes
cves:
    - CVE-2020-8566
ghsas:
    - GHSA-5x96-j797-5qqw
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2020-8566
    - report: https://github.com/kubernetes/kubernetes/issues/95624
    - fix: https://github.com/kubernetes/kubernetes/pull/95245
    - fix: https://github.com/kubernetes/kubernetes/pull/95245/commits/e91ec4fad3366d2dee020919f7c2a0d7b52fd3ea
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=1886640
    - web: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
    - web: https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ
    - web: https://security.netapp.com/advisory/ntap-20210122-0006
    - advisory: https://github.com/advisories/GHSA-5x96-j797-5qqw
source:
    id: GHSA-5x96-j797-5qqw

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-05-17T20:42:36Z

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

gopherbot · 2024-06-03T19:20:45Z

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports

tatianab assigned maceonthompson May 10, 2024

tatianab added the triaged label May 23, 2024

gopherbot closed this as completed in 96f0f48 Jun 4, 2024

GoVulnBot mentioned this issue Jul 18, 2024

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-82m2-cv7p-4m75 #2994

Closed

GoVulnBot mentioned this issue Nov 22, 2024

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-27wf-5967-98gx #3286

Closed

GoVulnBot mentioned this issue Feb 13, 2025

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-jgfp-53c3-624w #3465

Closed

GoVulnBot mentioned this issue Mar 13, 2025

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-vv39-3w5q-974q #3522

Closed

GoVulnBot mentioned this issue Mar 21, 2025

x/vulndb: potential Go vuln in k8s.io/kubernetes/cmd/kube-apiserver: GHSA-r56h-j38w-hrqq #3547

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-5x96-j797-5qqw #2754

x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-5x96-j797-5qqw #2754

GoVulnBot commented Apr 24, 2024

gopherbot commented May 17, 2024

gopherbot commented Jun 3, 2024

x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-5x96-j797-5qqw #2754

x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-5x96-j797-5qqw #2754

Comments

GoVulnBot commented Apr 24, 2024

gopherbot commented May 17, 2024

gopherbot commented Jun 3, 2024