CVE-2020-8563

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

UBUNTU-CVE-2020-8563

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

CVE-2020-8563 Secret leaks in logs for vSphere Provider kube-controller-manager

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

CVE-2020-8563

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...

Inclusion of Sensitive Information in Log Files

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims...

Information Disclosure

github.com/kubernetes/kubernetes is vulnerable to information disclosure. When using using VSphere as a cloud provider a with logging level set to 4 or above, VSphere cloud credentials will are leaked in the cloud controller manager's log...

Unspecified vulnerability in Kubernetes kube-controller-manager

Kubernetes is an open source Docker container cluster management system released by the Linux Foundation. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. kube-controller-manager is one of the control...

CVE-2019-11252

The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...

DEBIAN-CVE-2019-11252

The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...

Design/Logic Flaw

The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...

CVE-2019-11252

The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...

CVE-2019-11252

CVE-2019-11252 affects Kubernetes kube-controller-manager (versions v1.0–v1.17). It leaks credentials via error messages in mount failure logs/events for AzureFile and CephFS volumes, enabling access to user credentials if logs are obtained. The issue is specifically tied to credential leakage th...

CVE-2019-11252

The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes...

Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes controller manager security vulnerability (CVE-2020-8555)

Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes controller manager that could leak data to authorized users CVE-2020-8555 Vulnerability Details CVEID: CVE-2020-8555 Description: Kubernetes is vulnerable to server-side request forgery, caused by a...

kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery SSRF flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

RHEL 7 / 8 : OpenShift Container Platform 4.4.8 openshift (RHSA-2020:2448)

The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2448 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...

Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11 atomic-openshift security update

An update for atomic-openshift is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery SSRF flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery SSRF flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery SSRF flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...