CVE-2020-8565

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-8565
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8565.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-8565
Aliases
Related
Published
2020-12-07T22:15:21Z
Modified
2024-12-10T16:00:04Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.

References

Affected packages

Debian:11 / kubernetes

Package

Name
kubernetes
Purl
pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kubernetes

Package

Name
kubernetes
Purl
pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kubernetes/kubelet