9 matches found
Insertion of Sensitive Information into Log File
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...
Insertion of Sensitive Information into Log File
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...
CVE-2020-8565
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...
CVE-2020-8563 Secret leaks in logs for vSphere Provider kube-controller-manager
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...
CVE-2020-8563
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects v1.19.3...
CVE-2020-8564 Docker config secrets leaked when file is malformed and loglevel >= 4
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects v1.19.3, v1.18.10, v1.17.13...
CVE-2020-8565 Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...
CVE-2020-8565
CVE-2020-8565 affects Kubernetes components (notably API server and kubectl output) where, at logging level 9 or higher, authorization and bearer tokens are written to log files. Public-visibility details in connected docs confirm impact on multiple Kubernetes versions, including <= v1.19.3, &...
CVE-2020-8566 Ceph RBD adminSecrets exposed in logs when loglevel >= 4
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects v1.19.3, v1.18.10, v1.17.13...