Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
kube-audit-rest's example logging configuration could disclose secret values in the audit log
Vulnerability Description
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
kube-audit-rest 安全漏洞
Vulnerability Description
kube-audit-rest是Richard Tweed个人开发者的一个 Kubernetes 审计日志记录。 kube-audit-rest 1.0.16之前版本存在安全漏洞,该漏洞源于如果将full-elastic-stack示例矢量配置用于真实集群,则kubernetes secrets的先前值将在审计消息中泄露。
CVSS Information
N/A
Vulnerability Type
N/A