Lucene search
Veracode Vulnerability DatabaseVERACODE:21313HistoryAug 16, 2019 - 12:35 a.m.
Information Disclosure
2019-08-1600:35:04
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
16
EPSS
0.001
Percentile
48.9%
github.com/kubernetes/kube-state-metrics is vulnerable to information disclosure. The vulnerability exists as it is possible to cause the entire content of Secrets to show up in the metrics label through kubectl and kube-state-metrics.
References
www.openwall.com/lists/oss-security/2019/08/15/8
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10223
github.com/advisories/GHSA-2v6x-frw8-7r7f
github.com/kubernetes/kube-state-metrics/commit/2d8d31b12a57c295a0f0fc510da43885bfff76fb
github.com/kubernetes/kube-state-metrics/pull/859
github.com/kubernetes/kube-state-metrics/releases/tag/v1.7.2
www.openwall.com/lists/oss-security/2019/08/09/1
Related
redhatcve
redhatcve
CVE-2019-10223
2019-08-15 04:40:55
prion
prion
Design/Logic Flaw
2019-11-05 12:15:00
github
github
kube-state-metrics may expose secret content in metrics
2022-05-24 17:00:21
cve
cve
CVE-2019-10223
2019-11-05 12:15:10
CVE-2019-17110
2019-10-03 20:15:10
cvelist
cvelist
CVE-2019-10223
2019-11-05 11:40:37
nvd
nvd
CVE-2019-10223
2019-11-05 12:15:10
CVE-2019-17110
2019-10-03 20:15:10
osv
osv
kube-state-metrics may expose secret content in metrics
2022-05-24 17:00:21
Exposure of sensitive information in k8s.io/kube-state-metrics
2021-05-18 15:38:54
CVE-2019-10223
2019-11-05 12:15:10
