Impact
What kind of vulnerability is it? Who is impacted?
If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages.
Patches
Has the problem been patched? What versions should users upgrade to?
The example has been updated to fix this in commit 9df8886
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Replace
if .request.requestKind.kind == "Secret" {
del(.request.object.data)
.request.object.data.redacted = "REDACTED"
del(.request.oldObject.data)
.request.oldObject.data.redacted = "REDACTED"
}In the vector "audit-files-json-parser-and-redaction" step
with
if .request.requestKind.kind == "Secret" {
# Redact the secret data
del(.request.object.data)
.request.object.data.redacted = "REDACTED"
del(.request.oldObject.data)
.request.oldObject.data.redacted = "REDACTED"
# Remove the previously set secret data - Not bothering to parse it as this annotation shouldn't ever be needed
del(.request.object.metadata.annotations.["kubectl.kubernetes.io/last-applied-configuration"])
del(.request.oldObject.metadata.annotations.["kubectl.kubernetes.io/last-applied-configuration"])
}References
Are there any links users can visit to find out more?
Impact
What kind of vulnerability is it? Who is impacted?
If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages.
Patches
Has the problem been patched? What versions should users upgrade to?
The example has been updated to fix this in commit 9df8886
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Replace
In the vector "audit-files-json-parser-and-redaction" step
with
References
Are there any links users can visit to find out more?