Inclusion of Sensitive Information in Log Files in Kubernetes - CVE-2020-8565

 


Published: June 30, 2022


Vulnerability identifier: #VU64820
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-8565
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Kubernetes
Affected software:
Kubernetes

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because authorization and bearer tokens are written to log files when the logging level is set to at least 9. A local user can read the log files and gain access to sensitive data.
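
A defender's check for the condition described above, as an added example that is not part of the original advisory or of Kubernetes: it flags command lines whose verbosity flag (`-v`/`--v`) is 9 or higher and finds log lines that carry an Authorization or bearer credential, returning them redacted. The command lines, log lines and token are constructed samples, and the token pattern is an assumed heuristic.

```python
import re

RISKY_LEVEL = 9  # per the advisory: tokens are logged at level 9 or higher

# klog-style verbosity flag: --v=9, -v=9, --v 9, -v 9 (not --vmodule=...)
VERBOSITY_RE = re.compile(r"(?:^|\s)--?v(?:=|\s+)(\d+)(?=\s|$)")

# Assumed heuristic: an Authorization header value, or a bare
# "Bearer <token>", of 16 or more token characters
TOKEN_RE = re.compile(
    r"(?i)(authorization:\s*(?:bearer|basic)\s+|bearer\s+)([A-Za-z0-9._~+/=-]{16,})"
)

# Constructed sample input, not captured from a real cluster.
SAMPLE_CMDLINES = [
    "kube-apiserver --secure-port=6443 --v=2",
    "kube-apiserver --secure-port=6443 --v=9",
    "kubectl get pods -v 10",
    "kube-controller-manager --vmodule=gc=9",
]
SAMPLE_LOG = [
    'GET /api/v1/pods 200 OK in 12 milliseconds',
    'curl -XGET -H "Authorization: Bearer CONSTRUCTED.sample.token.0001" https://host/api',
    'curl -XGET -H "Authorization: Bearer <masked>" https://host/api',
]


def verbosity(cmdline):
    """Highest -v/--v level on a command line, or 0 if the flag is absent."""
    return max((int(m.group(1)) for m in VERBOSITY_RE.finditer(cmdline)), default=0)


def risky_cmdlines(cmdlines):
    """Command lines whose verbosity reaches the level that logs tokens."""
    return [c for c in cmdlines if verbosity(c) >= RISKY_LEVEL]


def scan_log(lines):
    """(line number, redacted line) for every line that exposes a credential."""
    hits = []
    for number, line in enumerate(lines, 1):
        redacted, count = TOKEN_RE.subn(lambda m: m.group(1) + "<redacted>", line)
        if count:
            hits.append((number, redacted))
    return hits


if __name__ == "__main__":
    print(risky_cmdlines(SAMPLE_CMDLINES))
    print(scan_log(SAMPLE_LOG))
```

Any token found this way should be treated as exposed and rotated, since the log file may already have been read or shipped elsewhere.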


How to mitigate CVE-2020-8565

Install updates from the vendor's website.
