VYPR
Moderate severityNVD Advisory· Published Dec 7, 2020· Updated Sep 16, 2024

Docker config secrets leaked when file is malformed and loglevel >= 4

CVE-2020-8564

Description

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/kubernetes/kubernetesGo
>= 1.19.0, < 1.19.31.19.3
github.com/kubernetes/kubernetesGo
>= 1.18.0, < 1.18.101.18.10
github.com/kubernetes/kubernetesGo
< 1.17.131.17.13
k8s.io/kubernetesGo
< 1.20.0-alpha.11.20.0-alpha.1

Affected products

36

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.