CVE-2020-8564
Docker config secrets leaked when file is malformed and loglevel >= 4
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
En los clústeres de Kubernetes que usan un nivel de registro de al menos 4, el procesamiento de un archivo de configuración de docker malformado dará como resultado la filtración del contenido del archivo de configuración de docker, que puede incluir secretos de extracción u otras credenciales de registro. Esto afecta versiones anteriores a v1.19.3, versiones anteriores a v1.18.10, versiones anteriores a v1.17.13
A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like `kubectl`, or other components that use registry credentials in a docker config file.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-03 CVE Reserved
- 2020-10-27 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-117: Improper Output Neutralization for Logs
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
https://github.com/kubernetes/kubernetes/issues/95622 | Third Party Advisory | |
https://security.netapp.com/advisory/ntap-20210122-0006 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | 2021-03-29 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2020-8564 | 2021-08-25 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1886637 | 2021-08-25 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.17.0 < 1.17.13 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.17.0 < 1.17.13" | - |
Affected
| ||||||
Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.18.0 < 1.18.10 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.18.0 < 1.18.10" | - |
Affected
| ||||||
Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | >= 1.19.0 < 1.19.3 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.19.0 < 1.19.3" | - |
Affected
|