Home > Vulnerability Database > WS-2023-0118

Mend.io Vulnerability Database

WS-2023-0118

Good to know:

Date: November 3, 2024

It was found that @mittwald/kubernetes's secret contents leaked via debug logging. When debug logging is enabled (via DEBUG environment variable), the Kubernetes client may log all response bodies into the debug log -- including sensitive data from Secret resources. When running in a Kubernetes cluster, this might expose sensitive information to users who are not authorised to access secrets, but have access to Pod logs (either directly using kubectl, or by Pod logs being shipped elsewhere). Versions 3.5.0 and above contain a patch.

Language: TYPE_SCRIPT

Severity Score

4.4

Related Resources (5)

Url: https://github.com/mittwald/node-kubernetes/commit/04f6809fd438417c343d541e57f76f0040e069cd

Url: https://github.com/mittwald/node-kubernetes/security/advisories/GHSA-g35x-j6jj-8g7j

Url: https://github.com/mittwald/node-kubernetes/releases/tag/v3.5.0

Url: https://github.com/mittwald/node-kubernetes

Url: https://www.mend.io/vulnerability-database/WS-2023-0118

Severity Score

4.4

Weakness Type (CWE)

Information Exposure Through Log Files

CWE-532

Top Fix

Upgrade Version

Upgrade to version @mittwald/kubernetes - 3.5.0

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2023-0118

Good to know:

Date: November 3, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?