Alibaba Cloud has fixed the Golang vulnerability CVE-2019-16276 for Container Service for Kubernetes (ACK). This topic describes the impact of the vulnerability and how to fix it.

Background

Vulnerability CVE-2019-16276 was discovered by Golang. Kubernetes users can write a request header in a specific format to bypass the filter conditions in the authenticating proxy and send authenticated requests to the backend API server on behalf of other users or groups. Golang has fixed this vulnerability. We recommend that you upgrade your Golang version.

For more information about vulnerability CVE-2019-16276, see CVE-2019-16276.

Affected versions

Clusters that use an authenticating proxy for authentication, where the authenticating proxy server is written in Go.

Fixes

Upgrade Golang. For more information, see Install Go. You can download Golang 1.12.10 or 1.13.1 to recompile and deploy the authenticating proxy server. After Go is installed, you can run the go version command to check its version.
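
The go version command reports the installed toolchain, not the release a deployed binary was built with. The following added example (not part of the original advisory or of any Alibaba Cloud tooling) reads the Go version recorded in a compiled authenticating proxy binary and compares it with the fixed releases 1.12.10 and 1.13.1. It assumes that the binary carries a readable Go build record and that release lines after 1.13 include the fix; checkgo is a hypothetical program name.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"log"
	"os"
	"strconv"
	"strings"
)

// isPatched reports whether a Go release string such as "go1.12.9" is at or above
// the fixed releases 1.12.10 / 1.13.1. Assumption: lines after 1.13 contain the fix.
func isPatched(goVersion string) (bool, error) {
	v := strings.TrimPrefix(strings.TrimSpace(goVersion), "go")
	parts := strings.SplitN(v, ".", 3)
	var n [3]int // major, minor, patch; a missing patch level counts as 0
	for i, p := range parts {
		x, err := strconv.Atoi(p)
		if err != nil || len(parts) < 2 { // rc, beta and devel builds need manual review
			return false, fmt.Errorf("unrecognised Go version %q", goVersion)
		}
		n[i] = x
	}
	switch {
	case n[0] != 1:
		return n[0] > 1, nil
	case n[1] == 12:
		return n[2] >= 10, nil
	case n[1] == 13:
		return n[2] >= 1, nil
	}
	return n[1] >= 14, nil // 1.11 and older: no fixed release is listed
}

func main() {
	if len(os.Args) != 2 {
		log.Fatal("usage: checkgo <proxy-binary>")
	}
	info, err := buildinfo.ReadFile(os.Args[1]) // path supplied by the operator
	if err != nil {
		log.Fatal("unverified, no readable build record: ", err)
	}
	ok, err := isPatched(info.GoVersion)
	fmt.Printf("%s built with %s: patched=%v err=%v\n", os.Args[1], info.GoVersion, ok, err)
	if !ok {
		os.Exit(1)
	}
}
```

If the build record cannot be read, or the version string is not a plain release number, treat the binary as unverified and recompile it with a fixed release.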