Investigate vulnerability: Credentials Management in k8s.io/client-go

Issue created from vulnerability 857

Description:

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.

• Severity: medium
• Confidence: unknown
• Location: go.sum

Solution:

Upgrade to versions 1.15.4, 1.16.1-beta.0 or above.

Identifiers:

• Gemnasium-1c25a628-bd98-4001-a3c5-3cfe0561e7ef
• CVE-2019-11250

Links:

• https://nvd.nist.gov/vuln/detail/CVE-2019-11250

Scanner:

• Name: Gemnasium