2 matches found
Kubernetes did not effectively clear service account credentials
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig did not effectively clear service...
PT-2019-12209 · Kubernetes +1 · Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Kubernetes versions 1.12.0 through 1.12.4; Kubernetes version 1.13.0.
Description: The issue concerns the rest.AnonymousClientConfig method, which is supposed to return a copy of the provided config with credentials removed. However, in the...