{"url":"http://public2.vulnerablecode.io/api/packages/626638?format=json","purl":"pkg:npm/%40mittwald/kubernetes@3.4.2","type":"npm","namespace":"@mittwald","name":"kubernetes","version":"3.4.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.5.0","latest_non_vulnerable_version":"3.5.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/361112?format=json","vulnerability_id":"VCID-yepv-hau1-nug2","summary":"@mittwald/kubernetes's secret contents leaked via debug logging\n### Impact\n\nWhen debug logging is enabled (via `DEBUG` environment variable), the Kubernetes client may log all response bodies into the debug log -- including sensitive data from `Secret` resources.\n\nWhen running in a Kubernetes cluster, this might expose sensitive information to users who are _not_ authorised to access secrets, but have access to Pod logs (either directly using kubectl, or by Pod logs being shipped elsewhere).\n\n### Patches\nUpgrade to 3.5.0 or newer.\n\n### Workarounds\nDisable debug logging entirely, or exclude the `kubernetes:client` debug item (for example, using `DEBUG=*,-kubernetes:client`).\n\n### References\n\n- https://cwe.mitre.org/data/definitions/532.html","references":[{"reference_url":"https://github.com/mittwald/node-kubernetes","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mittwald/node-kubernetes"},{"reference_url":"https://github.com/mittwald/node-kubernetes/commit/04f6809fd438417c343d541e57f76f0040e069cd","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mittwald/node-kubernetes/commit/04f6809fd438417c343d541e57f76f0040e069cd"},{"reference_url":"https://github.com/mittwald/node-kubernetes/releases/tag/v3.5.0","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mittwald/node-kubernetes/releases/tag/v3.5.0"},{"reference_url":"https://github.com/mittwald/node-kubernetes/security/advisories/GHSA-g35x-j6jj-8g7j","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mittwald/node-kubernetes/security/advisories/GHSA-g35x-j6jj-8g7j"},{"reference_url":"https://github.com/advisories/GHSA-g35x-j6jj-8g7j","reference_id":"GHSA-g35x-j6jj-8g7j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g35x-j6jj-8g7j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/382065?format=json","purl":"pkg:npm/%40mittwald/kubernetes@3.5.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540mittwald/kubernetes@3.5.0"}],"aliases":["GHSA-g35x-j6jj-8g7j","GMS-2023-1356"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yepv-hau1-nug2"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/%2540mittwald/kubernetes@3.4.2"}