github.com/kubernetes/kube-state-metrics is vulnerable to information disclosure. It is possible to cause the entire content of Secrets to show up in metrics labels through kubectl and kube-state-metrics.
www.openwall.com/lists/oss-security/2019/08/15/8
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10223
github.com/advisories/GHSA-2v6x-frw8-7r7f
github.com/kubernetes/kube-state-metrics/commit/2d8d31b12a57c295a0f0fc510da43885bfff76fb
github.com/kubernetes/kube-state-metrics/pull/859
github.com/kubernetes/kube-state-metrics/releases/tag/v1.7.2
www.openwall.com/lists/oss-security/2019/08/09/1