CVE-2020-8565

State: PUBLISHED · Published: 2020-12-07 · Updated: 2024-09-17 · Assigner: kubernetes

Description

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.

CWE

CWE-532 — CWE-532 Information Exposure Through Log Files

Affected

Kubernetes / Kubernetes — v=<= 1.19.3 [affected]; v=<= 1.18.10 [affected]; v=<= 1.17.13 [affected]; v=< 1.20.0-alpha2 [affected]

CVSS

3.1 score=4.7 severity=MEDIUM CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

References

https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ mailing-list, x_refsource_MLIST
https://github.com/kubernetes/kubernetes/issues/95623 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2020/8xxx/CVE-2020-8565.json