Description
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig().
Report
This issue does not affect the version of Kubernetes (embedded in heketi) shipped with Red Hat Gluster Storage 3, as it does not contain the vulnerable functionality.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat OpenShift Container Platform 3.10 | atomic-openshift | Not affected | | |
Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Not affected | | |
Red Hat OpenShift Container Platform 3.4 | atomic-openshift | Not affected | | |
Red Hat OpenShift Container Platform 3.5 | atomic-openshift | Not affected | | |
Red Hat OpenShift Container Platform 3.6 | atomic-openshift | Not affected | | |
Red Hat OpenShift Container Platform 3.7 | atomic-openshift | Not affected | | |
Red Hat OpenShift Container Platform 3.9 | atomic-openshift | Not affected | | |
Red Hat OpenShift Container Platform 4 | openshift | Not affected | | |
Red Hat Storage 3 | heketi | Not affected | | |
Additional information
Status:
EPSS
3.1 Low
CVSS3
Related vulnerabilities
In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientCon ...
Kubernetes did not effectively clear service account credentials