| module = "k8s.io/kubernetes" |
| package = "k8s.io/kubernetes/pkg/credentialprovider" |
| |
| description = """ |
| Attempting to read a malformed .dockercfg may cause secrets to be |
| inappropriately logged. |
| """ |
| |
| cve = "CVE-2020-8564" |
| |
| credit = "@sfowl" |
| |
| symbols = ["readDockerConfigFileFromBytes", "readDockerConfigJSONFileFromBytes"] |
| |
| [[versions]] |
| fixed = "v1.20.0-alpha.1" |
| |
| [links] |
| commit = "https://github.com/kubernetes/kubernetes/commit/11793434dac97a49bfed0150b56ac63e5dc34634" |
| pr = "https://github.com/kubernetes/kubernetes/pull/94712" |
| context = ["https://github.com/kubernetes/kubernetes/issues/95622"] |
| |
| # This is a really confusing one to classify becuase of how kubernetes |
| # does their vendoring stuff. |