| modules: |
| - module: k8s.io/client-go |
| versions: |
| - fixed: 0.17.0 |
| vulnerable_at: 0.16.16-rc.0 |
| packages: |
| - package: k8s.io/client-go/transport |
| symbols: |
| - debuggingRoundTripper.RoundTrip |
| derived_symbols: |
| - basicAuthRoundTripper.RoundTrip |
| - bearerAuthRoundTripper.RoundTrip |
| - impersonatingRoundTripper.RoundTrip |
| - userAgentRoundTripper.RoundTrip |
| - module: k8s.io/kubernetes |
| versions: |
| - fixed: 1.16.0-beta.1 |
| packages: |
| - package: k8s.io/kubernetes/staging/src/k8s.io/client-go/transport |
| symbols: |
| - debuggingRoundTripper.RoundTrip |
| skip_fix: 'TODO: fill this out [or set vulnerable_at to derive symbols]' |
| description: | |
| Authorization tokens may be inappropriately logged if the verbosity |
| level is set to a debug level. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2019-11250 |
| references: |
| - fix: https://github.com/kubernetes/kubernetes/pull/81330 |
| - fix: https://github.com/kubernetes/kubernetes/commit/4441f1d9c3e94d9a3d93b4f184a591cab02a5245 |
| - web: https://github.com/kubernetes/kubernetes/issues/81114 |
