Moderate severityNVD Advisory· Published Dec 7, 2020· Updated Sep 16, 2024

Secret leaks in logs for vSphere Provider kube-controller-manager

CVE-2020-8563

Description

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
github.com/kubernetes/kubernetesGo	< 1.19.3	1.19.3

Affected products

Kubernetes/Kubernetesv5
Range: < 1.19.3

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-5xfg-wv98-264mghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-8563ghsaADVISORY
bugzilla.redhat.com/show_bug.cgighsaWEB
github.com/kubernetes/kubernetes/issues/95621ghsax_refsource_CONFIRMWEB
github.com/kubernetes/kubernetes/pull/95236ghsaWEB
github.com/kubernetes/kubernetes/pull/95236/commits/247f6dd09299bc7893c1e0affea11c0255025b96ghsaWEB
groups.google.com/g/kubernetes-announce/c/ScdmyORnPDkghsaWEB
groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJghsamailing-listx_refsource_MLISTWEB
security.netapp.com/advisory/ntap-20210122-0006ghsaWEB
security.netapp.com/advisory/ntap-20210122-0006/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000