CVE-2020-8564

Summary

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetes< 1.19.3affected
KubernetesKubernetes< 1.18.10affected
KubernetesKubernetes< 1.17.13affected

Weaknesses

  • CWE-532: CWE-532 Information Exposure Through Log Files

Workarounds

Do not enable verbose logging in production (log level >= 4), limit access to logs.

ADP Enrichment

CVE Program Container

Additional References

References