The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.
The product writes sensitive information to a log file.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kubernetes | Kubernetes | * | 1.15.3 (excluding) |
| Kubernetes | Kubernetes | 1.15.3 (including) | 1.15.3 (including) |
| Kubernetes | Kubernetes | 1.15.4-beta0 (including) | 1.15.4-beta0 (including) |
| Kubernetes | Kubernetes | 1.16.0-alpha1 (including) | 1.16.0-alpha1 (including) |
| Kubernetes | Kubernetes | 1.16.0-alpha2 (including) | 1.16.0-alpha2 (including) |
| Kubernetes | Kubernetes | 1.16.0-alpha3 (including) | 1.16.0-alpha3 (including) |
| Kubernetes | Kubernetes | 1.16.0-beta1 (including) | 1.16.0-beta1 (including) |
| Kubernetes | Kubernetes | 1.16.0-beta2 (including) | 1.16.0-beta2 (including) |
| Red Hat OpenShift Container Platform 3.11 | RedHat | atomic-openshift-0:3.11.157-1.git.0.dfe38da.el7 | * |
| Red Hat OpenShift Container Platform 4.1 | RedHat | openshift-0:4.1.27-201912021146.git.0.a40116f.el7 | * |