Information Exposure Through Log Files The advisory has been revoked - it doesn't affect any version of package node-problem-detector Open this link in a new tab
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-WOLFILATEST-NODEPROBLEMDETECTOR-5862811
- published 28 Aug 2023
- disclosed 29 Aug 2019
Introduced: 29 Aug 2019
CVE-2019-11250 Open this link in a new tabAmendment
The Wolfi security team deemed this advisory irrelevant for Wolfi:latest.
NVD Description
Note: Versions mentioned in the description apply only to the upstream node-problem-detector package and not the node-problem-detector package as distributed by Wolfi.
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.