CVE-2020-8566
Published 2020-12-07
CVE-2020-8566: In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in…
Priority P4 · 24 · medium · 5.5 CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS 0.52% (40.2th percentile)
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | < kubernetes 1.19.3-1 (bookworm) | kubernetes 1.19.3-1 (bookworm) |
| github.com | kubernetes_kubernetes | >= 0 < 1.17.13 | 1.17.13 |
| github.com | kubernetes_kubernetes | >= 1.18.0 < 1.18.10 | 1.18.10 |
| github.com | kubernetes_kubernetes | >= 1.19.0 < 1.19.3 | 1.19.3 |
| k8s.io | kubernetes | >= 0 < 1.17.13 | 1.17.13 |
| k8s.io | kubernetes | >= 1.18.0 < 1.18.10 | 1.18.10 |
| k8s.io | kubernetes | >= 1.19.0 < 1.19.3 | 1.19.3 |
| kubernetes | kubernetes | < 1.19.3 | 1.19.3 |
| kubernetes | kubernetes | < 1.18.10 | 1.18.10 |
| kubernetes | kubernetes | < 1.17.13 | 1.17.13 |
| kubernetes | kubernetes | >= 0 < 1.19.3-1 | 1.19.3-1 |
| kubernetes | kubernetes | >= 0 < 1.19.3-1 | 1.19.3-1 |
| kubernetes | kubernetes | >= 0 < 1.19.3-1 | 1.19.3-1 |
| kubernetes | kubernetes | >= 0 < 1.19.3-1 | 1.19.3-1 |
| kubernetes | kubernetes | >= 1.17.0 < 1.17.13 | 1.17.13 |
| kubernetes | kubernetes | >= 1.18.0 < 1.18.10 | 1.18.10 |
| kubernetes | kubernetes | >= 1.19.0 < 1.19.3 | 1.19.3 |
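CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 4.7 | MEDIUM | |
| vendor_redhat | | 4.7 | MEDIUM | |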
OSV
Sensitive Information leak for users of Ceph RBD via Log File in k8s.io/kubernetes
osv·2024-06-04
CVE-2020-8566 Sensitive Information leak for users of Ceph RBD via Log File in k8s.io/kubernetes
GHSA
Sensitive Information leak via Log File in Kubernetes
ghsa·2024-04-24
CVE-2020-8566 [MEDIUM] CWE-532 Sensitive Information leak via Log File in Kubernetes
OSV
Sensitive Information leak via Log File in Kubernetes
osv·2024-04-24
CVE-2020-8566 [MEDIUM] Sensitive Information leak via Log File in Kubernetes
OSV
CVE-2020-8566: In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs
osv·2020-12-07·CVSS 5.5
CVE-2020-8566 [MEDIUM] CVE-2020-8566: In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs
Red Hat
kubernetes: Ceph RBD adminSecrets exposed in logs when loglevel >= 4
vendor_redhat·2020-10-14·CVSS 4.7
CVE-2020-8566 [MEDIUM] CWE-117 kubernetes: Ceph RBD adminSecrets exposed in logs when loglevel >= 4
A flaw was found in Kubernetes. If the logging level is set to at least 4, and Ceph RBD is configured as a storage provisioner, then Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims.
Statement: OpenShift Container Platform 4 does not support Ceph RBD persistent volumes; however, the vulnerable code is included.
Mitigation: OCP Clusters not using
Debian
CVE-2020-8566: kubernetes - In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging lev...
vendor_debian·2020·CVSS 4.7
CVE-2020-8566 [MEDIUM] CVE-2020-8566: kubernetes - In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging lev...
Scope: local
bookworm: resolved (fixed in 1.19.3-1)
bullseye: resolved (fixed in 1.19.3-1)
forky: resolved (fixed in 1.19.3-1)
sid: resolved (fixed in 1.19.3-1)
trixie: resolved (fixed in 1.19.3-1)
No detection rules found.
No public exploits indexed.
References
https://github.com/kubernetes/kubernetes/issues/95624
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ
https://security.netapp.com/advisory/ntap-20210122-0006/