#VU64820 Inclusion of Sensitive Information in Log Files in Kubernetes - CVE-2020-8565

 


Published: June 30, 2022


Vulnerability identifier: #VU64820
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-8565
CWE-ID: CWE-532
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Kubernetes
Software vendor: Kubernetes

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because authorization and bearer tokens are written to log files when the logging level is set to 9 or higher. A local user can read the log files and gain access to sensitive data.
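A defender-side check for the condition described above, as an added example that is not part of the original advisory or of Kubernetes itself: it flags a component whose argument list sets verbosity to 9 or higher and redacts credentials found in log lines. It assumes the logging level is set with the `-v`/`--v` command-line flag; the token pattern, function names and sample data are constructed for illustration.

```python
import re

# Threshold from the advisory: tokens are logged at verbosity 9 or higher.
RISKY_VERBOSITY = 9

# Assumption: verbosity is passed as -v=9, --v=9, -v 9 or --v 9.
_V_FLAG = re.compile(r"^--?v(?:=(\d+))?$")

# Assumed pattern: an Authorization header value or a bare "Bearer <token>".
_TOKEN = re.compile(
    r"(?i)\b(authorization:\s*(?:[a-z]+\s+)?|bearer\s+)([A-Za-z0-9._~+/=-]{8,})"
)


def verbosity_from_args(argv):
    """Return the last -v level in a component's argument list, or None."""
    level = None
    for i, arg in enumerate(argv):
        m = _V_FLAG.match(arg)
        if not m:
            continue
        if m.group(1) is not None:
            level = int(m.group(1))
        elif i + 1 < len(argv) and argv[i + 1].isdigit():
            level = int(argv[i + 1])
    return level


def is_risky(argv):
    """True when the configured verbosity reaches the advisory's threshold."""
    level = verbosity_from_args(argv)
    return level is not None and level >= RISKY_VERBOSITY


def find_token_leaks(lines):
    """Return (line_number, redacted_line) for each line carrying a credential."""
    redact = lambda m: m.group(1) + "<redacted>"
    return [(n, _TOKEN.sub(redact, line))
            for n, line in enumerate(lines, 1) if _TOKEN.search(line)]


# Constructed sample data, not real Kubernetes output.
SAMPLE_ARGS = ["kube-apiserver", "--secure-port=6443", "--v=10"]
SAMPLE_LOG = [
    "I0101 00:00:00.000000 1 example.go:1] GET https://10.0.0.1:6443/api/v1/nodes",
    'I0101 00:00:00.000001 1 example.go:2] -H "Authorization: Bearer abc123.def456.ghi789"',
    "I0101 00:00:00.000002 1 example.go:3] Response Status: 200 OK",
]
```

Only the redacted lines should be passed on to tickets or chat; the original log files still need their permissions restricted and any exposed tokens rotated.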


Remediation

Install updates from the vendor's website.

External links