k8s.io/client-go (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package k8s.io/client-go, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2019-11250 — CVSS 6.5 (medium): The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized…
CVE-2019-11244 — CVSS 5.0 (medium): In Kubernetes v1.8.x-v1.14.x, schema info is cached by kubectl in the location specified by --cache-dir (defaulting to…
CVE-2020-8565 — CVSS 4.7 (medium): In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both…