Note:
This project will be discontinued after December 13, 2021. [more]
2020-07-23
The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.
| Products | Kubernetes |
| Type | Information Exposure Through an Error Message (CWE-209) |
| First patch | - None (likely due to unavailable code) |
| Links | https://github.com/kubernetes/kubernetes/pull/88684 |