Moderate severity · NVD Advisory · Published Dec 7, 2020 · Updated Sep 17, 2024

Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9

CVE-2020-8565

Description

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and in client tool output such as kubectl. Affected versions: <= v1.19.3, <= v1.18.10, <= v1.17.13, and < v1.20.0-alpha2.
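
A defensive pattern for this class of bug, shown as an added example that is not client-go's or Kubernetes' own code: mask credential-bearing headers before any debug line is formatted, so that no verbosity setting can expose them. The names `MaskedHeaders`, `maskValue` and `knownSchemes`, the scheme allow-list and the sample token are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// knownSchemes: auth scheme names that are safe to keep in logs (assumed list).
var knownSchemes = map[string]bool{"bearer": true, "basic": true, "negotiate": true}

// maskValue hides the credential part of an Authorization-style header value.
// A recognised scheme name is kept for debugging; anything else is fully masked.
func maskValue(v string) string {
	if v == "" {
		return ""
	}
	parts := strings.SplitN(v, " ", 2)
	if len(parts) == 2 && knownSchemes[strings.ToLower(parts[0])] {
		return parts[0] + " <masked>"
	}
	return "<masked>"
}

// MaskedHeaders returns a copy of h that is safe to print at any verbosity.
// Header names are compared case-insensitively because keys assigned directly
// to the map are not canonicalised by net/http. The input is left untouched.
func MaskedHeaders(h http.Header) http.Header {
	out := make(http.Header, len(h))
	for name, values := range h {
		lower := strings.ToLower(name)
		sensitive := lower == "authorization" || lower == "proxy-authorization"
		for _, v := range values {
			if sensitive {
				v = maskValue(v)
			}
			out[name] = append(out[name], v)
		}
	}
	return out
}

func main() {
	h := http.Header{}
	h.Set("Authorization", "Bearer constructed-sample-token") // constructed value
	h.Set("Accept", "application/json")
	fmt.Println(MaskedHeaders(h)) // log the masked copy, never h itself
}
```
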


Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| k8s.io/client-go (Go) | >= 0.19.0, < 0.19.6 | 0.19.6 |
| k8s.io/client-go (Go) | >= 0.20.0-alpha.0, < 0.20.0-alpha.2 | 0.20.0-alpha.2 |
| k8s.io/client-go (Go) | >= 0.18.0, < 0.18.14 | 0.18.14 |
| k8s.io/client-go (Go) | < 0.17.16 | 0.17.16 |
| k8s.io/kubernetes (Go) | < 1.20.0-alpha.2 | 1.20.0-alpha.2 |
