CVE-2020-8564
published 2020-12-07
CVE-2020-8564: In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file…
Priority P4 · 23 · medium · 5.5 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.46% (36.6th percentile)
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | < kubernetes 1.19.3-1 (bookworm) | kubernetes 1.19.3-1 (bookworm) |
| github.com | kubernetes_kubernetes | >= 0 < 1.17.13 | 1.17.13 |
| github.com | kubernetes_kubernetes | >= 1.18.0 < 1.18.10 | 1.18.10 |
| github.com | kubernetes_kubernetes | >= 1.19.0 < 1.19.3 | 1.19.3 |
| k8s.io | kubernetes | >= 0 < 1.20.0-alpha.1 | 1.20.0-alpha.1 |
| kubernetes | kubernetes | < 1.19.3 | 1.19.3 |
| kubernetes | kubernetes | < 1.18.10 | 1.18.10 |
| kubernetes | kubernetes | < 1.17.13 | 1.17.13 |
| kubernetes | kubernetes | >= 0 < 1.19.3-1 | 1.19.3-1 |
| kubernetes | kubernetes | >= 0 < 1.19.3-1 | 1.19.3-1 |
| kubernetes | kubernetes | >= 0 < 1.19.3-1 | 1.19.3-1 |
| kubernetes | kubernetes | >= 0 < 1.19.3-1 | 1.19.3-1 |
| kubernetes | kubernetes | >= 1.17.0 < 1.17.13 | 1.17.13 |
| kubernetes | kubernetes | >= 1.18.0 < 1.18.10 | 1.18.10 |
| kubernetes | kubernetes | >= 1.19.0 < 1.19.3 | 1.19.3 |
CVSS provenance
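| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 4.7 | MEDIUM | |
| vendor_redhat | | 4.7 | MEDIUM | |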
GHSA
Kubernetes Sensitive Information leak via Log File
ghsa·2023-02-06
CVE-2020-8564 [MEDIUM] CWE-532 Kubernetes Sensitive Information leak via Log File
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
OSV
Kubernetes Sensitive Information leak via Log File
osv·2023-02-06
CVE-2020-8564 [MEDIUM] Kubernetes Sensitive Information leak via Log File
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
OSV
Sensitive information leak via log file in k8s.io/kubernetes
osv·2021-04-14
CVE-2020-8564 Sensitive information leak via log file in k8s.io/kubernetes
Attempting to read a malformed .dockercfg may cause secrets to be inappropriately logged.
OSV
CVE-2020-8564: In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config
osv·2020-12-07·CVSS 5.5
CVE-2020-8564 [MEDIUM] CVE-2020-8564: In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
Red Hat
kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4
vendor_redhat·2020-10-14·CVSS 4.7
CVE-2020-8564 [MEDIUM] CWE-117 kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
A flaw was found in kubernetes. In Kubernetes, if the logging level is set to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like `kubectl`, or other components that use registry credentials in a docker config file.
Package: heketi (Red Hat Storage 3) - Not affected
Debian
CVE-2020-8564: kubernetes - In Kubernetes clusters using a logging level of at least 4, processing a malform...
vendor_debian·2020·CVSS 4.7
CVE-2020-8564 [MEDIUM] CVE-2020-8564: kubernetes - In Kubernetes clusters using a logging level of at least 4, processing a malform...
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
Scope: local
bookworm: resolved (fixed in 1.19.3-1)
bullseye: resolved (fixed in 1.19.3-1)
forky: resolved (fixed in 1.19.3-1)
sid: resolved (fixed in 1.19.3-1)
trixie: resolved (fixed in 1.19.3-1)
No detection rules found.
No public exploits indexed.
https://github.com/kubernetes/kubernetes/issues/95622
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ
https://security.netapp.com/advisory/ntap-20210122-0006/
Published: 2020-12-07