Advisories for Npm/@Mittwald/Kubernetes package

2023

@mittwald/kubernetes's secret contents leaked via debug logging

When debug logging is enabled (via DEBUG environment variable), the Kubernetes client may log all response bodies into the debug log – including sensitive data from Secret resources. When running in a Kubernetes cluster, this might expose sensitive information to users who are not authorised to access secrets, but have access to Pod logs (either directly using kubectl, or by Pod logs being shipped elsewhere). Upgrade to 3.5.0 or newer. …