CVE-2020-8566 (RH:CVE-2020-8566)
Published: Oct 16, 2020 - 12:01 a.m.
Source: redhat.com (access.redhat.com)

CVSS3: 5.5 Medium
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 2.1 Low
  Access Vector: LOCAL
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.0005 Low (percentile 14.8%)

A flaw was found in Kubernetes. If the logging level is set to at least 4, and Ceph RBD is configured as a storage provisioner, then Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent volume claims.

Mitigation

OCP clusters not using Ceph RBD volumes are not vulnerable to this issue. For clusters using Ceph RBD volumes, this can be mitigated by ensuring the logging level is below 4 and by protecting cluster logs from unauthorized access.

For OCP, the logging level for core components can be configured using operators, e.g. for kube-controller-manager:
<https://docs.openshift.com/container-platform/latest/rest_api/operator_apis/kubecontrollermanager-operator-openshift-io-v1.html#specification>

In OCP, a logging level of "Debug" is equivalent to 4:
<https://github.com/openshift/api/blob/master/operator/v1/types.go#L96>

The default logging level is "Normal", which is equivalent to 2. Clusters running with the default level are not vulnerable to this issue.
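The two conditions above (Ceph RBD provisioner in use, and kube-controller-manager verbosity of 4 or more) can be checked offline against exported cluster objects. The following is an added example, not Red Hat's or OpenShift's code; it assumes the in-tree provisioner name `kubernetes.io/rbd`, the trimmed JSON shapes shown for the KubeControllerManager operator CR and the StorageClass list, and that "Trace" and "TraceAll" map above "Debug" (only "Normal" = 2 and "Debug" = 4 are stated on this page).

```python
import json

# Operator logLevel names -> kube-controller-manager verbosity. The advisory states
# "Normal" (the default) = 2 and "Debug" = 4; "Trace" = 6 and "TraceAll" = 8 are
# assumptions taken from the openshift/api enum, not stated on this page.
LOG_LEVEL_VERBOSITY = {"": 2, "Normal": 2, "Debug": 4, "Trace": 6, "TraceAll": 8}
LEAK_THRESHOLD = 4                     # secrets reach the log at verbosity >= 4
RBD_PROVISIONER = "kubernetes.io/rbd"  # assumed in-tree Ceph RBD provisioner name


def kcm_verbosity(kcm_cr: dict) -> int:
    """Map the KubeControllerManager operator CR's spec.logLevel to a verbosity."""
    name = kcm_cr.get("spec", {}).get("logLevel", "")
    if name not in LOG_LEVEL_VERBOSITY:
        raise ValueError(f"unknown logLevel {name!r}")
    return LOG_LEVEL_VERBOSITY[name]


def rbd_storage_classes(storage_class_list: dict) -> list:
    """Names of StorageClasses backed by the in-tree Ceph RBD provisioner."""
    return [sc["metadata"]["name"] for sc in storage_class_list.get("items", [])
            if sc.get("provisioner") == RBD_PROVISIONER]


def assess(kcm_cr: dict, storage_class_list: dict) -> dict:
    """Apply the advisory's two conditions: RBD in use AND verbosity >= 4."""
    verbosity = kcm_verbosity(kcm_cr)
    rbd = rbd_storage_classes(storage_class_list)
    exposed = bool(rbd) and verbosity >= LEAK_THRESHOLD
    return {"verbosity": verbosity, "rbd_storage_classes": rbd, "exposed": exposed}


# Constructed sample objects, shaped like `oc get kubecontrollermanager cluster -o json`
# and `oc get storageclass -o json` output, trimmed to the fields used above.
KCM_DEBUG = json.loads('{"spec": {"logLevel": "Debug"}}')
KCM_DEFAULT = json.loads('{"spec": {}}')   # logLevel unset -> "Normal" -> 2
STORAGE_CLASSES = json.loads("""{"items": [
  {"metadata": {"name": "ceph-rbd"}, "provisioner": "kubernetes.io/rbd"},
  {"metadata": {"name": "gp2"}, "provisioner": "kubernetes.io/aws-ebs"}]}""")

if __name__ == "__main__":
    for label, cr in (("Debug", KCM_DEBUG), ("default", KCM_DEFAULT)):
        print(label, assess(cr, STORAGE_CLASSES))
```

A cluster with an RBD StorageClass and `logLevel: Debug` is reported as exposed; the same cluster at the default level, or any cluster without an RBD StorageClass, is not.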
