CVE-2020-8564
Docker config secrets leaked when file is malformed and loglevel >= 4
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
En los clústeres de Kubernetes que usan un nivel de registro de al menos 4, el procesamiento de un archivo de configuración de docker malformado dará como resultado la filtración del contenido del archivo de configuración de docker, que puede incluir secretos de extracción u otras credenciales de registro. Esto afecta versiones anteriores a v1.19.3, versiones anteriores a v1.18.10, versiones anteriores a v1.17.13
A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like `kubectl`, or other components that use registry credentials in a docker config file.
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. The runC tool is a lightweight, portable implementation of the Open Container Format that provides container runtime. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Issues addressed include information leakage, man-in-the-middle, and traversal vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-03 CVE Reserved
- 2020-10-27 CVE Published
- 2024-09-16 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-117: Improper Output Neutralization for Logs
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/kubernetes/kubernetes/issues/95622 | Third Party Advisory | |
https://security.netapp.com/advisory/ntap-20210122-0006 | Third Party Advisory |
|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | 2021-03-29 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2020-8564 | 2021-08-25 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1886637 | 2021-08-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.17.0 < 1.17.13 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.17.0 < 1.17.13" | - |
Affected
| ||||||
Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.18.0 < 1.18.10 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.18.0 < 1.18.10" | - |
Affected
| ||||||
Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.19.0 < 1.19.3 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.19.0 < 1.19.3" | - |
Affected
|