CVE-2020-8565
Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9
Public Exploits: 0
Exploited in Wild: -
SSVC Decision: -
Descriptions
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.
A flaw was found in Kubernetes. If the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`. Previously, CVE-2019-11250 was assigned to the same issue for logging levels of at least 4.
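As an added example (not code from the Kubernetes project or from this advisory), the following Python script shows the two checks a responder wants for this issue: locating and masking `Authorization: Bearer` credentials that an affected kubectl or kube-apiserver wrote to its logs at `-v=9`, and parsing the klog verbosity flag from a command line to decide whether a process is running at a leaking level (9 and up for the versions listed here, 4 and up for releases that predate the CVE-2019-11250 fix). The sample log lines are constructed to approximate klog output from an affected kubectl and are not real captures; the function names are the example's own.

```python
import re
import shlex
from typing import Iterable, List, Tuple

# Matches the credential in a verbatim "Authorization:" header, both in a
# dumped "Request Headers:" block and inside the -H "..." argument of the curl
# command that kubectl -v=9 reconstructs. Tokens never contain whitespace,
# quotes or angle brackets, so the already-masked form "Bearer <masked>" that a
# fixed kubectl prints is deliberately not reported.
_AUTHZ_RE = re.compile(
    r'Authorization:\s*(?P<scheme>Bearer|Basic)\s+(?P<cred>[^\s"\'<>]+)',
    re.IGNORECASE,
)

# Constructed sample approximating klog output of an affected kubectl at -v=9.
SAMPLE_LOG = """\
I1020 10:15:01.123456    4242 loader.go:372] Config loaded from file:  /root/.kube/config
I1020 10:15:01.234567    4242 round_trippers.go:435] curl -k -v -XGET  -H "Accept: application/json" -H "Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.e30.c2lnbmF0dXJl" 'https://10.0.0.1:6443/api/v1/namespaces/default/pods'
I1020 10:15:01.345678    4242 round_trippers.go:454] GET https://10.0.0.1:6443/api/v1/namespaces/default/pods 200 OK in 11 milliseconds
I1020 10:15:01.345700    4242 round_trippers.go:440] Request Headers:
I1020 10:15:01.345710    4242 round_trippers.go:444]     Accept: application/json
I1020 10:15:01.345720    4242 round_trippers.go:444]     Authorization: Bearer eyJhbGciOiJSUzI1NiJ9.e30.c2lnbmF0dXJl
I1020 10:15:01.345730    4242 round_trippers.go:460] Response Headers:
I1020 10:15:01.345740    4242 round_trippers.go:463]     Content-Type: application/json
"""


def find_leaked_credentials(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, scheme, credential) for every credential found."""
    hits = []
    for n, line in enumerate(lines, start=1):
        for m in _AUTHZ_RE.finditer(line):
            hits.append((n, m.group("scheme"), m.group("cred")))
    return hits


def redact_line(line: str) -> str:
    """Replace the credential with <masked>; the scheme is kept for context."""
    return _AUTHZ_RE.sub(lambda m: f"Authorization: {m.group('scheme')} <masked>", line)


def log_verbosity(argv: List[str]) -> int:
    """Parse the klog verbosity from a command line.

    Accepts -v=9, --v=9, -v 9 and --v 9 (the forms kubectl and kube-apiserver
    take); returns 0, the klog default, when no flag is present. --vmodule is
    intentionally not matched.
    """
    level = 0
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg in ("-v", "--v") and i + 1 < len(argv) and argv[i + 1].isdigit():
            level = int(argv[i + 1])
            i += 2
            continue
        m = re.fullmatch(r"--?v=(\d+)", arg)
        if m:
            level = int(m.group(1))
        i += 1
    return level


def verbosity_leaks_tokens(level: int, patched_for_cve_2019_11250: bool = True) -> bool:
    """True when a process at this verbosity writes bearer tokens to its logs.

    Releases in the ranges listed on this page leak at level 9 and above;
    releases that predate the CVE-2019-11250 fix leaked from level 4.
    """
    threshold = 9 if patched_for_cve_2019_11250 else 4
    return level >= threshold


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for n, scheme, cred in find_leaked_credentials(lines):
        print(f"line {n}: {scheme} credential leaked ({cred[:12]}...)")
    for line in lines:
        print(redact_line(line))
    # Constructed command line for an API server process, as found via ps.
    cmd = shlex.split("kube-apiserver --etcd-servers=https://127.0.0.1:2379 --v=9")
    level = log_verbosity(cmd)
    print(f"apiserver verbosity {level}, leaks tokens: {verbosity_leaks_tokens(level)}")
```

Masking existing logs is containment only: any token that reached a log file or a shared terminal capture at level 9 should be treated as exposed and rotated, and the durable fix is to keep verbosity well below 9 in production and upgrade past the affected ranges listed below.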
CVSS Scores
SSVC
- Decision: -
Timeline
- 2020-02-03 CVE Reserved
- 2020-12-07 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-117: Improper Output Neutralization for Logs
- CWE-532: Insertion of Sensitive Information into Log File
CAPEC
References (4)
URL | Tag | Date
---|---|---
https://github.com/kubernetes/kubernetes/issues/95623 | Third Party Advisory | -
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ | - | 2020-12-08
https://access.redhat.com/security/cve/CVE-2020-8565 | - | 2021-12-13
https://bugzilla.redhat.com/show_bug.cgi?id=1886638 | - | 2021-12-13
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Kubernetes | Kubernetes | >= 1.17.0 <= 1.17.13 | - | Affected
Kubernetes | Kubernetes | >= 1.18.0 <= 1.18.10 | - | Affected
Kubernetes | Kubernetes | >= 1.19.0 <= 1.19.3 | - | Affected