Credential Exposure

Affecting github.com/kubernetes/kubernetes/azure_file package, versions <1.18.0

Overview

github.com/kubernetes/kubernetes/azure_file is a package in Kubernetes, an open source system for managing containerized applications across multiple hosts. Kubernetes provides basic mechanisms for deployment, maintenance, and scaling of applications.

Affected versions of this package are vulnerable to Credential Exposure. The Kubernetes kube-controller-manager is vulnerable to credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.

Remediation

Upgrade github.com/kubernetes/kubernetes/azure_file to version 1.18.0 or higher.

CVSS Score

6.5 (medium severity)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/RL:O/RC:C

  • Credit: Unknown
  • CVE: CVE-2019-11252
  • CWE: CWE-256
  • Snyk ID: SNYK-GOLANG-GITHUBCOMKUBERNETESKUBERNETESAZUREFILE-590094
  • Disclosed: 24 Jul, 2020
  • Published: 24 Jul, 2020