CVE-2020-8563

Summary

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetes< 1.19.3affected

Weaknesses

  • CWE-532: CWE-532 Information Exposure Through Log Files

Workarounds

Do not enable verbose logging in production (log level >= 4), limit access to logs.

ADP Enrichment

CVE Program Container

Additional References

References