Use of Hard-coded Password Affecting github.com/kubernetes/minikube package, versions <1.30.0


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.04% (16th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-GOLANG-GITHUBCOMKUBERNETESMINIKUBE-5602340
  • published25 May 2023
  • disclosed25 May 2023
  • creditUnknown

Introduced: 25 May 2023

CVE-2023-1944  (opens in a new tab)
CWE-259  (opens in a new tab)

How to fix?

Upgrade github.com/kubernetes/minikube to version 1.30.0 or higher.

Overview

Affected versions of this package are vulnerable to Use of Hard-coded Password by enabling ssh access to minikube container using a default password.

Note:

To mitigate these vulnerabilities, users must upgrade minikube to the latest version and delete any clusters created using an affected version.

CVSS Base Scores

version 3.1