5 matches found
SUSE CVE-2019-11243
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig method returns a copy of the provided config, with credentials removed bearer token, username/password, and client certificate/key data. In the affected versions, rest.AnonymousClientConfig did not effectively clear service...
CVE-2019-11243
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig method returns a copy of the provided config, with credentials removed bearer token, username/password, and client certificate/key data. In the affected versions, rest.AnonymousClientConfig did not effectively clear service...
kubernetes security update
1.9.11-2.7.1 - OLCNE-494 CVE-2019-11244 fix CVE-2019-11244: 'kubectl --http-cache= ' - creates world-writeable cached schema files 1.9.11-2.6.1 - OLCNE-382 CVE-2019-11243 rest.AnonymousClientConfig does not remove the sa credentials...
kubernetes security update
1.11.3-2.7.2 - OLCNE-494 CVE-2019-11244 fix CVE-2019-11244: 'kubectl --http-cache= ' - creates world-writeable cached schema files 1.11.3.2.6.2 - OLCNE-384 CVE-2019-11243 rest.AnonymousClientConfig does not remove the serviceaccount credentials from config created by rest.InClusterConfig...
CVE-2019-11243
Kubernetes CVE-2019-11243 affects v1.12.0–v1.12.4 and v1.13.0, where rest.AnonymousClientConfig() copies the config without clearing service account credentials loaded via rest.InClusterConfig(), potentially exposing credentials. Upgrade to a fixed version per vendor advisories.