Information Exposure Affecting github.com/kubernetes/kubernetes/pkg/credentialprovider package, versions <1.21.0-alpha.0
Do your applications use this vulnerable package?
- Snyk ID SNYK-GOLANG-GITHUBCOMKUBERNETESKUBERNETESPKGCREDENTIALPROVIDER-1048994
- published 8 Dec 2020
- disclosed 8 Dec 2020
- credit Unknown
How to fix?
github.com/kubernetes/kubernetes/pkg/credentialprovider to version 1.21.0-alpha.0 or higher.
Affected versions of this package are vulnerable to Information Exposure. Clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials.