Sensitive Information leak via Log File in Kubernetes · CVE-2020-8566 · GitHub Advisory Database · GitHub

Sensitive Information leak via Log File in Kubernetes

Moderate severity GitHub Reviewed Published Apr 24, 2024 to the GitHub Advisory Database • Updated Apr 24, 2024

Package

github.com/kubernetes/kubernetes (Go)

Affected versions

< 1.17.13

>= 1.18.0, < 1.18.10

>= 1.19.0, < 1.19.3

Patched versions

1.17.13

1.18.10

1.19.3

Description

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.

References

Published to the GitHub Advisory Database Apr 24, 2024

Reviewed Apr 24, 2024

Last updated Apr 24, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

High

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N