k8s.io/kube-state-metrics vulnerabilities
2 known vulnerabilities affecting k8s.io/kube-state-metrics.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 2
Vulnerabilities
CVE-2019-10223 | MEDIUM | ≥ 1.7.0, < 1.7.2 | 2022-05-24
CVE-2019-10223 [MEDIUM] CWE-200 kube-state-metrics may expose secret content in metrics
A security issue was discovered in the kube-state-metrics versions v1.7.0 and v1.7.1. An experimental feature was added to the v1.7.0 release that enabled annotations to be exposed as metrics. By default, the kube-state-metrics metrics only expose metadata about Secrets. However, a combination of the default `kubectl` behavior and this new feature can c
ghsa, osv
CVE-2019-17110 | MEDIUM | ≥ 1.7.0, < 1.7.2 | 2021-05-18
CVE-2019-17110 [MEDIUM] CWE-200 Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information
# Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-c92w-72c5-9x59. This link is maintained to preserve external references.
# Original Description
A security issue was discovered in kube-state-metrics 1.7.x before 1.7.2. An experimental feature was added to v1.7.0 an
ghsa