Moderate severity · NVD Advisory · Published Dec 7, 2020 · Updated Sep 17, 2024
Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9
CVE-2020-8565
Description
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and in the output of client tools such as kubectl. This affects versions <= v1.19.3, <= v1.18.10, <= v1.17.13, and < v1.20.0-alpha2.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| k8s.io/client-go (Go) | >= 0.19.0, < 0.19.6 | 0.19.6 |
| k8s.io/client-go (Go) | >= 0.20.0-alpha.0, < 0.20.0-alpha.2 | 0.20.0-alpha.2 |
| k8s.io/client-go (Go) | >= 0.18.0, < 0.18.14 | 0.18.14 |
| k8s.io/client-go (Go) | < 0.17.16 | 0.17.16 |
| k8s.io/kubernetes (Go) | < 1.20.0-alpha.2 | 1.20.0-alpha.2 |
Affected products (36)
osv-coords: 35 versions (no CPE listed)
| Package URL | Affected range |
|---|---|
| pkg:apk/chainguard/kubeflow-pipelines | < 2.2.0-r3 |
| pkg:apk/chainguard/kubeflow-pipelines-apiserver | < 2.2.0-r3 |
| pkg:apk/chainguard/kubeflow-pipelines-cache-deployer | < 2.2.0-r3 |
| pkg:apk/chainguard/kubeflow-pipelines-cache-deployer-compat | < 2.2.0-r3 |
| pkg:apk/chainguard/kubeflow-pipelines-cache_server | < 2.2.0-r3 |
| pkg:apk/chainguard/kubeflow-pipelines-frontend | < 2.2.0-r3 |
| pkg:apk/chainguard/kubeflow-pipelines-metadata-envoy-config | < 2.2.0-r3 |
| pkg:apk/chainguard/kubeflow-pipelines-metadata-writer | < 2.2.0-r3 |
| pkg:apk/chainguard/kubeflow-pipelines-metadata-writer-compat | < 2.2.0-r3 |
| pkg:apk/chainguard/kubeflow-pipelines-persistence_agent | < 2.2.0-r3 |
| pkg:apk/chainguard/kubeflow-pipelines-scheduledworkflow | < 2.2.0-r3 |
| pkg:apk/chainguard/kubeflow-pipelines-viewer-crd-controller | < 2.2.0-r3 |
| pkg:apk/chainguard/nodetaint | < 0 |
| pkg:apk/chainguard/sparkctl | < 2.1.0-r8 |
| pkg:apk/chainguard/spark-operator | < 2.1.0-r8 |
| pkg:apk/chainguard/spark-operator-oci-entrypoint | < 2.1.0-r8 |
| pkg:apk/wolfi/kubeflow-pipelines | < 2.2.0-r3 |
| pkg:apk/wolfi/kubeflow-pipelines-apiserver | < 2.2.0-r3 |
| pkg:apk/wolfi/kubeflow-pipelines-cache-deployer | < 2.2.0-r3 |
| pkg:apk/wolfi/kubeflow-pipelines-cache-deployer-compat | < 2.2.0-r3 |
| pkg:apk/wolfi/kubeflow-pipelines-cache_server | < 2.2.0-r3 |
| pkg:apk/wolfi/kubeflow-pipelines-frontend | < 2.2.0-r3 |
| pkg:apk/wolfi/kubeflow-pipelines-metadata-envoy-config | < 2.2.0-r3 |
| pkg:apk/wolfi/kubeflow-pipelines-metadata-writer | < 2.2.0-r3 |
| pkg:apk/wolfi/kubeflow-pipelines-metadata-writer-compat | < 2.2.0-r3 |
| pkg:apk/wolfi/kubeflow-pipelines-persistence_agent | < 2.2.0-r3 |
| pkg:apk/wolfi/kubeflow-pipelines-scheduledworkflow | < 2.2.0-r3 |
| pkg:apk/wolfi/kubeflow-pipelines-viewer-crd-controller | < 2.2.0-r3 |
| pkg:apk/wolfi/nodetaint | < 0 |
| pkg:apk/wolfi/sparkctl | < 2.1.0-r8 |
| pkg:apk/wolfi/spark-operator | < 2.1.0-r8 |
| pkg:apk/wolfi/spark-operator-oci-entrypoint | < 2.1.0-r8 |
| pkg:golang/k8s.io/client-go | >= 0.19.0, < 0.19.6 |
| pkg:golang/k8s.io/kubernetes | < 1.20.0-alpha.2 |
| pkg:rpm/suse/kubernetes&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Containers%2015%20SP1 | < 1.17.13-4.21.2 |
- Range: <= 1.19.3
References (11)
- github.com/advisories/GHSA-8cfg-vx93-jvxw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2020-8565 (ghsa, ADVISORY)
- github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3 (ghsa, WEB)
- github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0 (ghsa, WEB)
- github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86 (ghsa, WEB)
- github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373 (ghsa, WEB)
- github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419 (ghsa, WEB)
- github.com/kubernetes/kubernetes/issues/95623 (ghsa, x_refsource_CONFIRM, WEB)
- github.com/kubernetes/kubernetes/pull/95316 (ghsa, WEB)
- groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ (ghsa, mailing-list, x_refsource_MLIST, WEB)
- pkg.go.dev/vuln/GO-2021-0064 (ghsa, WEB)