CVE-2020-8565

Summary

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetes<= 1.19.3affected
KubernetesKubernetes<= 1.18.10affected
KubernetesKubernetes<= 1.17.13affected
KubernetesKubernetes< 1.20.0-alpha2affected

Weaknesses

  • CWE-532: CWE-532 Information Exposure Through Log Files

Workarounds

Do not enable verbose logging in production (log level >= 9), limit access to logs.

ADP Enrichment

CVE Program Container

Additional References

References