CVE-2020-8565

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.

Weakness

The product writes sensitive information to a log file.

Affected Software

Name	Vendor	Start Version	End Version
Kubernetes	Kubernetes	1.17.0 (including)	1.17.13 (including)
Kubernetes	Kubernetes	1.18.0 (including)	1.18.10 (including)
Kubernetes	Kubernetes	1.19.0 (including)	1.19.3 (including)
Red Hat OpenShift Container Storage 4.7.0 on RHEL-8	RedHat	ocs4/rook-ceph-rhel8-operator:4.7-140.49a6fcf.release_4.7	*
Red Hat OpenShift Container Storage 4.8.0 on RHEL-8	RedHat	ocs4/cephcsi-rhel8:4.8-125.01872cc.release_4.8	*
Red Hat OpenShift Container Storage 4.8.0 on RHEL-8	RedHat	ocs4/mcg-core-rhel8:5.8.0-38.e060925.5.8	*
Red Hat OpenShift Container Storage 4.8.0 on RHEL-8	RedHat	ocs4/mcg-rhel8-operator:5.8.0-27.4a6ca5f.5.8	*
Red Hat OpenShift Container Storage 4.8.0 on RHEL-8	RedHat	ocs4/ocs-must-gather-rhel8:4.8-196.a35d7d7.release_4.8	*
Red Hat OpenShift Container Storage 4.8.0 on RHEL-8	RedHat	ocs4/ocs-operator-bundle:4.8.0-5	*
Red Hat OpenShift Container Storage 4.8.0 on RHEL-8	RedHat	ocs4/ocs-rhel8-operator:4.8-196.a35d7d7.release_4.8	*
Red Hat OpenShift Container Storage 4.8.0 on RHEL-8	RedHat	ocs4/rook-ceph-rhel8-operator:4.8-167.9a9db5f.release_4.8	*
Red Hat OpenShift Container Storage 4.8.0 on RHEL-8	RedHat	ocs4/volume-replication-rhel8-operator:4.8-20.ab575a2.release_v0.1	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	mcg-0:5.9.0-28.61dcf87.5.9.el8	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/cephcsi-rhel8:4.9-164.57484e3.release_4.9	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/ocs-must-gather-rhel8:4.9-257.4181add.release_4.9	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/ocs-operator-bundle:4.9.0-5	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/ocs-rhel8-operator:4.9-257.4181add.release_4.9	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/odf-console-rhel8:4.9-39.0f2fa23.release_4.9	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/odf-multicluster-operator-bundle:4.9.0-5	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/odf-multicluster-rhel8-operator:4.9-30.007b3d8.release_4.9	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/odf-operator-bundle:4.9.0-5	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/odf-rhel8-operator:4.9-59.c8bbc1f.release_4.9	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/odr-cluster-operator-bundle:4.9.0-5	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/odr-hub-operator-bundle:4.9.0-5	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/odr-rhel8-operator:4.9-27.3d037cc.release_4.9	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/rook-ceph-rhel8-operator:4.9-219.c3f67c6.release_4.9	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf4/volume-replication-rhel8-operator:4.9-28.82f68db.release_4.9	*
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8	RedHat	odf/odf-multicluster-rhel8-operator:4.9-30.007b3d8.release_4.9	*
Kubernetes	Ubuntu	focal	*
Kubernetes	Ubuntu	groovy	*
Kubernetes	Ubuntu	hirsute	*
Kubernetes	Ubuntu	impish	*
Kubernetes	Ubuntu	kinetic	*
Kubernetes	Ubuntu	lunar	*
Kubernetes	Ubuntu	mantic	*
Kubernetes	Ubuntu	oracular	*

Potential Mitigations

https://cwe.mitre.org/data/definitions/215.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-8565
CWE	https://cwe.mitre.org/data/definitions/532.html

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

References

CVE-2020-8565

Insertion of Sensitive Information into Log File

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References