Security Advisories

CGA-6688-9869-38cm

Published

Last updated

https://images.chainguard.dev/security/CGA-6688-9869-38cm
Package

kubernetes-secret-generator

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2019-11250
  • GHSA-jmrx-5g74-6v2f

Severity

6.5

Medium

CVSS V3

References

  • https://nvd.nist.gov/vuln/detail/CVE-2019-11250

Updates

Status

Pending upstream fix

Impact

The vulnerable k8s.io/client-go v0.0.0-20191016111102-bec269661e48 cannot be updated as it is pinned to kubernetes-1.16.2 in go.mod. Because of significant changes in the module since then, updating to the fixed version (v0.17.0+) would require upstream code changes to handle the breaking changes introduced in newer Kubernetes client versions. Reference: https://github.com/mittwald/kubernetes-secret-generator/blob/1bf94b50ad1504926a5478d2618fc57dfb37b735/go.mod#L92

Status

Affected

Impact

Govulncheck found vulnerable symbols in Go binaries at the following locations: in kubernetes-secret-generator-3.4.1-r1.apk, at usr/bin/manager, usr/bin/manager.

Status

Under investigation

