CVE-2020-8566

Summary

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetes< 1.19.3affected
KubernetesKubernetes< 1.18.10affected
KubernetesKubernetes< 1.17.13affected

Weaknesses

  • CWE-532: CWE-532 Information Exposure Through Log Files

Workarounds

Do not enable verbose logging in production (log level >= 4), limit access to logs.

ADP Enrichment

CVE Program Container

Additional References

References