In Kubernetes v1.12.0-v1.12.4 and v1.13.0, the rest.AnonymousClientConfig() method returns a copy of the provided config, with credentials removed (bearer token, username/password, and client certificate/key data). In the affected versions, rest.AnonymousClientConfig() did not effectively clear service account credentials loaded using rest.InClusterConfig()
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: kubernetes

Published: 2019-04-22T14:54:15

Updated: 2024-08-04T22:48:09.023Z

Reserved: 2019-04-17T00:00:00

Link: CVE-2019-11243

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-04-22T15:29:00.790

Modified: 2024-11-21T04:20:47.533

Link: CVE-2019-11243

cve-icon Redhat

Severity : Low

Publid Date: 2019-04-22T00:00:00Z

Links: CVE-2019-11243 - Bugzilla