{"id":"GO-2021-0064","summary":"Unauthorized credential disclosure via debug logs in k8s.io/kubernetes and k8s.io/client-go","details":"Authorization tokens may be inappropriately logged if the verbosity level is set to a debug level. This is due to an incomplete fix for CVE-2019-11250.","aliases":["CVE-2020-8565","GHSA-8cfg-vx93-jvxw"],"modified":"2026-03-17T04:08:22.753476Z","published":"2021-04-14T20:04:52Z","related":["CGA-r5j8-36p9-q5pc"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0064","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://github.com/kubernetes/kubernetes/pull/95316"},{"type":"FIX","url":"https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419"},{"type":"WEB","url":"https://github.com/kubernetes/kubernetes/issues/95623"}],"affected":[{"package":{"name":"k8s.io/client-go","ecosystem":"Go","purl":"pkg:golang/k8s.io/client-go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.20.0-alpha.2"}]}],"ecosystem_specific":{"imports":[{"symbols":["basicAuthRoundTripper.RoundTrip","bearerAuthRoundTripper.RoundTrip","debuggingRoundTripper.RoundTrip","impersonatingRoundTripper.RoundTrip","requestInfo.toCurl","userAgentRoundTripper.RoundTrip"],"path":"k8s.io/client-go/transport"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0064.json"}}],"schema_version":"1.7.5","credits":[{"name":"@sfowl"}]}