k8s.io/client-go vulnerabilities

3 known vulnerabilities affecting k8s.io/client-go.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 3

Vulnerabilities

CVE-2020-8565 | MEDIUM | CVSS 6.5 | ≥ 0.19.0, < 0.19.6; ≥ 0.20.0-alpha.0, < 0.20.0-alpha.2; +2 more | 2023-02-06
CVE-2020-8565 [MEDIUM] CWE-532 Kubernetes client-go vulnerable to Sensitive Information Leak via Log File. In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, < v1.20.0-alpha2.
Sources: GHSA, OSV

CVE-2019-11250 | MEDIUM | ≥ 0, < 0.17.0 | 2022-05-24
CVE-2019-11250 [MEDIUM] CWE-532 Kubernetes client-go library logs may disclose credentials to unauthorized users. The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at hig
Sources: GHSA, OSV

CVE-2019-11244 | MEDIUM | ≥ 1.8.0, < 1.12.9 | 2022-02-15
CVE-2019-11244 [MEDIUM] CWE-524 Kubernetes Unsafe Caching. In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by `--cache-dir` (defaulting to `$HOME/.kube/http-cache`), written with world-writeable permissions (`rw-rw-rw-`). If `--cache-dir` is specified and pointed at a different location accessible to other users/groups, the written files may be modified by other users/groups and disrupt the kubectl invocation.
Sources: GHSA, OSV