CVE-2020-8565 - Vulnerability Details

Vendors	Products
Kubernetes	Kubernetes
Redhat	Openshift Container Storage Openshift Data Foundation

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Storage 4.7.0 on RHEL-8
ocs4/rook-ceph-rhel8-operator:4.7-140.49a6fcf.release_4.7	cpe:/a:redhat:openshift_container_storage:4.7::el8	RHSA-2021:2041	2021-05-19T00:00:00Z
Red Hat OpenShift Container Storage 4.8.0 on RHEL-8
ocs4/cephcsi-rhel8:4.8-125.01872cc.release_4.8	cpe:/a:redhat:openshift_container_storage:4.8::el8	RHBA-2021:3003	2021-08-03T00:00:00Z
ocs4/mcg-core-rhel8:5.8.0-38.e060925.5.8	cpe:/a:redhat:openshift_container_storage:4.8::el8	RHBA-2021:3003	2021-08-03T00:00:00Z
ocs4/mcg-rhel8-operator:5.8.0-27.4a6ca5f.5.8	cpe:/a:redhat:openshift_container_storage:4.8::el8	RHBA-2021:3003	2021-08-03T00:00:00Z
ocs4/ocs-must-gather-rhel8:4.8-196.a35d7d7.release_4.8	cpe:/a:redhat:openshift_container_storage:4.8::el8	RHBA-2021:3003	2021-08-03T00:00:00Z
ocs4/ocs-operator-bundle:4.8.0-5	cpe:/a:redhat:openshift_container_storage:4.8::el8	RHBA-2021:3003	2021-08-03T00:00:00Z
ocs4/ocs-rhel8-operator:4.8-196.a35d7d7.release_4.8	cpe:/a:redhat:openshift_container_storage:4.8::el8	RHBA-2021:3003	2021-08-03T00:00:00Z
ocs4/rook-ceph-rhel8-operator:4.8-167.9a9db5f.release_4.8	cpe:/a:redhat:openshift_container_storage:4.8::el8	RHBA-2021:3003	2021-08-03T00:00:00Z
ocs4/volume-replication-rhel8-operator:4.8-20.ab575a2.release_v0.1	cpe:/a:redhat:openshift_container_storage:4.8::el8	RHBA-2021:3003	2021-08-03T00:00:00Z
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8
mcg-0:5.9.0-28.61dcf87.5.9.el8	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5085	2021-12-13T00:00:00Z
odf4/cephcsi-rhel8:4.9-164.57484e3.release_4.9	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/ocs-must-gather-rhel8:4.9-257.4181add.release_4.9	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/ocs-operator-bundle:4.9.0-5	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/ocs-rhel8-operator:4.9-257.4181add.release_4.9	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/odf-console-rhel8:4.9-39.0f2fa23.release_4.9	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/odf-multicluster-operator-bundle:4.9.0-5	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/odf-multicluster-rhel8-operator:4.9-30.007b3d8.release_4.9	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/odf-operator-bundle:4.9.0-5	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/odf-rhel8-operator:4.9-59.c8bbc1f.release_4.9	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/odr-cluster-operator-bundle:4.9.0-5	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/odr-hub-operator-bundle:4.9.0-5	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/odr-rhel8-operator:4.9-27.3d037cc.release_4.9	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/rook-ceph-rhel8-operator:4.9-219.c3f67c6.release_4.9	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf4/volume-replication-rhel8-operator:4.9-28.82f68db.release_4.9	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z
odf/odf-multicluster-rhel8-operator:4.9-30.007b3d8.release_4.9	cpe:/a:redhat:openshift_data_foundation:4.9::el8	RHSA-2021:5086	2021-12-13T00:00:00Z

Link	Providers
https://github.com/kubernetes/kubernetes/issues/95623
https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ
https://nvd.nist.gov/vuln/detail/CVE-2020-8565
https://www.cve.org/CVERecord?id=CVE-2020-8565

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"status": "affected", "version": "<= 1.19.3"}, {"status": "affected", "version": "<= 1.18.10"}, {"status": "affected", "version": "<= 1.17.13"}, {"status": "affected", "version": "< 1.20.0-alpha2"}]}], "credits": [{"lang": "en", "value": "Patrick Rhomberg (purelyapplied)"}], "datePublic": "2020-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-12-07T22:00:19", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"name": "Multiple secret leaks when verbose logging is enabled", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kubernetes/kubernetes/issues/95623"}], "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/95623"], "discovery": "EXTERNAL"}, "title": "Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9", "workarounds": [{"lang": "en", "value": "Do not enable verbose logging in production (log level >= 9), limit access to logs."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2020-10-15T04:00:00.000Z", "ID": "CVE-2020-8565", "STATE": "PUBLIC", "TITLE": "Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"version_value": "<= 1.19.3"}, {"version_value": "<= 1.18.10"}, {"version_value": "<= 1.17.13"}, {"version_value": "< 1.20.0-alpha2"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Patrick Rhomberg (purelyapplied)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532 Information Exposure Through Log Files"}]}]}, "references": {"reference_data": [{"name": "Multiple secret leaks when verbose logging is enabled", "refsource": "MLIST", "url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"}, {"name": "https://github.com/kubernetes/kubernetes/issues/95623", "refsource": "CONFIRM", "url": "https://github.com/kubernetes/kubernetes/issues/95623"}]}, "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/95623"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Do not enable verbose logging in production (log level >= 9), limit access to logs."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:03:46.382Z"}, "title": "CVE Program Container", "references": [{"name": "Multiple secret leaks when verbose logging is enabled", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kubernetes/kubernetes/issues/95623"}]}]}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2020-8565", "datePublished": "2020-12-07T22:00:19.374983Z", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2024-09-17T00:05:58.669Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : Kubernetes (string)

vendor : Kubernetes (string)

versions : [ »

0 : { »

status : affected (string)

version : <= 1.19.3 (string)

}

1 : { »

status : affected (string)

version : <= 1.18.10 (string)

}

2 : { »

status : affected (string)

version : <= 1.17.13 (string)

}

3 : { »

status : affected (string)

version : < 1.20.0-alpha2 (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

value : Patrick Rhomberg (purelyapplied) (string)

}

]

datePublic : 2020-10-15T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 4.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-532 (string)

description : CWE-532 Information Exposure Through Log Files (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-12-07T22:00:19 (string)

orgId : a6081bf6-c852-4425-ad4f-a67919267565 (string)

shortName : kubernetes (string)

}

references : [ »

0 : { »

name : Multiple secret leaks when verbose logging is enabled (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

]

url : https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/kubernetes/kubernetes/issues/95623 (string)

}

]

source : { »

defect : [ »

0 : https://github.com/kubernetes/kubernetes/issues/95623 (string)

]

discovery : EXTERNAL (string)

}

title : Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (string)

workarounds : [ »

0 : { »

lang : en (string)

value : Do not enable verbose logging in production (log level >= 9), limit access to logs. (string)

}

]

x_generator : { »

engine : Vulnogram 0.0.9 (string)

}

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security@kubernetes.io (string)

DATE_PUBLIC : 2020-10-15T04:00:00.000Z (string)

ID : CVE-2020-8565 (string)

STATE : PUBLIC (string)

TITLE : Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : Kubernetes (string)

version : { »

version_data : [ »

0 : { »

version_value : <= 1.19.3 (string)

}

1 : { »

version_value : <= 1.18.10 (string)

}

2 : { »

version_value : <= 1.17.13 (string)

}

3 : { »

version_value : < 1.20.0-alpha2 (string)

}

]

}

]

}

vendor_name : Kubernetes (string)

}

]

}

credit : [ »

0 : { »

lang : eng (string)

value : Patrick Rhomberg (purelyapplied) (string)

}

]

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. (string)

}

]

}

generator : { »

engine : Vulnogram 0.0.9 (string)

}

impact : { »

cvss : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 4.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-532 Information Exposure Through Log Files (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : Multiple secret leaks when verbose logging is enabled (string)

refsource : MLIST (string)

url : https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ (string)

}

1 : { »

name : https://github.com/kubernetes/kubernetes/issues/95623 (string)

refsource : CONFIRM (string)

url : https://github.com/kubernetes/kubernetes/issues/95623 (string)

}

]

}

source : { »

defect : [ »

0 : https://github.com/kubernetes/kubernetes/issues/95623 (string)

]

discovery : EXTERNAL (string)

}

work_around : [ »

0 : { »

lang : en (string)

value : Do not enable verbose logging in production (log level >= 9), limit access to logs. (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T10:03:46.382Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : Multiple secret leaks when verbose logging is enabled (string)

tags : [ »

0 : mailing-list (string)

1 : x_refsource_MLIST (string)

2 : x_transferred (string)

]

url : https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ (string)

}

1 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/kubernetes/kubernetes/issues/95623 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : a6081bf6-c852-4425-ad4f-a67919267565 (string)

assignerShortName : kubernetes (string)

cveId : CVE-2020-8565 (string)

datePublished : 2020-12-07T22:00:19.374983Z (string)

dateReserved : 2020-02-03T00:00:00 (string)

dateUpdated : 2024-09-17T00:05:58.669Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAC4DF80-12A5-482D-88C8-1939A015FBE4", "versionEndIncluding": "1.17.13", "versionStartIncluding": "1.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "57F3AFC9-8D1D-4870-B40E-5A2CFEB2388E", "versionEndIncluding": "1.18.10", "versionStartIncluding": "1.18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "13CE6526-CD5D-4B0D-AE8C-20E113F2D412", "versionEndIncluding": "1.19.3", "versionStartIncluding": "1.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2."}, {"lang": "es", "value": "En Kubernetes, si el nivel de registro se establece en al menos 9, los tokens de autorizaci\u00f3n y portador se escribir\u00e1n en los archivos de registro. Esto puede ocurrir tanto en los registros del servidor API como en la salida de la herramienta cliente como kubectl. Esto afecta a versiones anteriores e iguales a v1.19.3, versiones anteriores e iguales a v1.18.10, versiones anteriores e iguales a v1.17.13, versiones anteriores a v1.20.0-alpha2"}], "id": "CVE-2020-8565", "lastModified": "2024-11-21T05:39:02.543", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "jordan@liggitt.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-07T22:15:21.400", "references": [{"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/95623"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/95623"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "jordan@liggitt.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BAC4DF80-12A5-482D-88C8-1939A015FBE4 (string)

versionEndIncluding : 1.17.13 (string)

versionStartIncluding : 1.17.0 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 57F3AFC9-8D1D-4870-B40E-5A2CFEB2388E (string)

versionEndIncluding : 1.18.10 (string)

versionStartIncluding : 1.18.0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 13CE6526-CD5D-4B0D-AE8C-20E113F2D412 (string)

versionEndIncluding : 1.19.3 (string)

versionStartIncluding : 1.19.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. (string)

}

1 : { »

lang : es (string)

value : En Kubernetes, si el nivel de registro se establece en al menos 9, los tokens de autorización y portador se escribirán en los archivos de registro. Esto puede ocurrir tanto en los registros del servidor API como en la salida de la herramienta cliente como kubectl. Esto afecta a versiones anteriores e iguales a v1.19.3, versiones anteriores e iguales a v1.18.10, versiones anteriores e iguales a v1.17.13, versiones anteriores a v1.20.0-alpha2 (string)

}

]

id : CVE-2020-8565 (string)

lastModified : 2024-11-21T05:39:02.543 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : LOCAL (string)

authentication : NONE (string)

availabilityImpact : NONE (string)

baseScore : 2.1 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : NONE (string)

vectorString : AV:L/AC:L/Au:N/C:P/I:N/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 4.7 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1 (number)

impactScore : 3.6 (number)

source : jordan@liggitt.net (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : LOCAL (string)

availabilityImpact : NONE (string)

baseScore : 5.5 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : HIGH (string)

integrityImpact : NONE (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.8 (number)

impactScore : 3.6 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-12-07T22:15:21.400 (string)

references : [ »

0 : { »

source : jordan@liggitt.net (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/kubernetes/kubernetes/issues/95623 (string)

}

1 : { »

source : jordan@liggitt.net (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ (string)

}

2 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://github.com/kubernetes/kubernetes/issues/95623 (string)

}

3 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Mailing List (string)

1 : Patch (string)

2 : Third Party Advisory (string)

]

url : https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ (string)

}

]

sourceIdentifier : jordan@liggitt.net (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-532 (string)

}

]

source : jordan@liggitt.net (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-532 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank the Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Patrick Rhomberg (purelyapplied) as the original reporter.", "affected_release": [{"advisory": "RHSA-2021:2041", "cpe": "cpe:/a:redhat:openshift_container_storage:4.7::el8", "package": "ocs4/rook-ceph-rhel8-operator:4.7-140.49a6fcf.release_4.7", "product_name": "Red Hat OpenShift Container Storage 4.7.0 on RHEL-8", "release_date": "2021-05-19T00:00:00Z"}, {"advisory": "RHBA-2021:3003", "cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8", "package": "ocs4/cephcsi-rhel8:4.8-125.01872cc.release_4.8", "product_name": "Red Hat OpenShift Container Storage 4.8.0 on RHEL-8", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHBA-2021:3003", "cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8", "package": "ocs4/mcg-core-rhel8:5.8.0-38.e060925.5.8", "product_name": "Red Hat OpenShift Container Storage 4.8.0 on RHEL-8", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHBA-2021:3003", "cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8", "package": "ocs4/mcg-rhel8-operator:5.8.0-27.4a6ca5f.5.8", "product_name": "Red Hat OpenShift Container Storage 4.8.0 on RHEL-8", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHBA-2021:3003", "cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8", "package": "ocs4/ocs-must-gather-rhel8:4.8-196.a35d7d7.release_4.8", "product_name": "Red Hat OpenShift Container Storage 4.8.0 on RHEL-8", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHBA-2021:3003", "cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8", "package": "ocs4/ocs-operator-bundle:4.8.0-5", "product_name": "Red Hat OpenShift Container Storage 4.8.0 on RHEL-8", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHBA-2021:3003", "cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8", "package": "ocs4/ocs-rhel8-operator:4.8-196.a35d7d7.release_4.8", "product_name": "Red Hat OpenShift Container Storage 4.8.0 on RHEL-8", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHBA-2021:3003", "cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8", "package": "ocs4/rook-ceph-rhel8-operator:4.8-167.9a9db5f.release_4.8", "product_name": "Red Hat OpenShift Container Storage 4.8.0 on RHEL-8", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHBA-2021:3003", "cpe": "cpe:/a:redhat:openshift_container_storage:4.8::el8", "package": "ocs4/volume-replication-rhel8-operator:4.8-20.ab575a2.release_v0.1", "product_name": "Red Hat OpenShift Container Storage 4.8.0 on RHEL-8", "release_date": "2021-08-03T00:00:00Z"}, {"advisory": "RHSA-2021:5085", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "mcg-0:5.9.0-28.61dcf87.5.9.el8", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/cephcsi-rhel8:4.9-164.57484e3.release_4.9", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/ocs-must-gather-rhel8:4.9-257.4181add.release_4.9", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/ocs-operator-bundle:4.9.0-5", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/ocs-rhel8-operator:4.9-257.4181add.release_4.9", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/odf-console-rhel8:4.9-39.0f2fa23.release_4.9", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/odf-multicluster-operator-bundle:4.9.0-5", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/odf-multicluster-rhel8-operator:4.9-30.007b3d8.release_4.9", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/odf-operator-bundle:4.9.0-5", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/odf-rhel8-operator:4.9-59.c8bbc1f.release_4.9", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/odr-cluster-operator-bundle:4.9.0-5", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/odr-hub-operator-bundle:4.9.0-5", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/odr-rhel8-operator:4.9-27.3d037cc.release_4.9", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/rook-ceph-rhel8-operator:4.9-219.c3f67c6.release_4.9", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf4/volume-replication-rhel8-operator:4.9-28.82f68db.release_4.9", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}, {"advisory": "RHSA-2021:5086", "cpe": "cpe:/a:redhat:openshift_data_foundation:4.9::el8", "package": "odf/odf-multicluster-rhel8-operator:4.9-30.007b3d8.release_4.9", "product_name": "Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8", "release_date": "2021-12-13T00:00:00Z"}], "bugzilla": {"description": "kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9", "id": "1886638", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886638"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-117", "details": ["In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.", "A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`. Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4."], "name": "CVE-2020-8565", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "atomic-openshift", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-hyperkube", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift-clients", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Affected", "package_name": "mcg", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "heketi", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "package_name": "rhgs3/rhgs-gluster-block-prov-rhel7", "product_name": "Red Hat Storage 3"}], "public_date": "2020-10-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-8565\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8565\nhttps://github.com/kubernetes/kubernetes/issues/95623\nhttps://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk"], "statement": "OpenShift Container Platform 4 does not support LogLevels higher than 8 (via 'TraceAll'), and is therefore not affected by this vulnerability.", "threat_severity": "Moderate"}

{

acknowledgement : Red Hat would like to thank the Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Patrick Rhomberg (purelyapplied) as the original reporter. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2021:2041 (string)

cpe : cpe:/a:redhat:openshift_container_storage:4.7::el8 (string)

package : ocs4/rook-ceph-rhel8-operator:4.7-140.49a6fcf.release_4.7 (string)

product_name : Red Hat OpenShift Container Storage 4.7.0 on RHEL-8 (string)

release_date : 2021-05-19T00:00:00Z (string)

}

1 : { »

advisory : RHBA-2021:3003 (string)

cpe : cpe:/a:redhat:openshift_container_storage:4.8::el8 (string)

package : ocs4/cephcsi-rhel8:4.8-125.01872cc.release_4.8 (string)

product_name : Red Hat OpenShift Container Storage 4.8.0 on RHEL-8 (string)

release_date : 2021-08-03T00:00:00Z (string)

}

2 : { »

advisory : RHBA-2021:3003 (string)

cpe : cpe:/a:redhat:openshift_container_storage:4.8::el8 (string)

package : ocs4/mcg-core-rhel8:5.8.0-38.e060925.5.8 (string)

product_name : Red Hat OpenShift Container Storage 4.8.0 on RHEL-8 (string)

release_date : 2021-08-03T00:00:00Z (string)

}

3 : { »

advisory : RHBA-2021:3003 (string)

cpe : cpe:/a:redhat:openshift_container_storage:4.8::el8 (string)

package : ocs4/mcg-rhel8-operator:5.8.0-27.4a6ca5f.5.8 (string)

product_name : Red Hat OpenShift Container Storage 4.8.0 on RHEL-8 (string)

release_date : 2021-08-03T00:00:00Z (string)

}

4 : { »

advisory : RHBA-2021:3003 (string)

cpe : cpe:/a:redhat:openshift_container_storage:4.8::el8 (string)

package : ocs4/ocs-must-gather-rhel8:4.8-196.a35d7d7.release_4.8 (string)

product_name : Red Hat OpenShift Container Storage 4.8.0 on RHEL-8 (string)

release_date : 2021-08-03T00:00:00Z (string)

}

5 : { »

advisory : RHBA-2021:3003 (string)

cpe : cpe:/a:redhat:openshift_container_storage:4.8::el8 (string)

package : ocs4/ocs-operator-bundle:4.8.0-5 (string)

product_name : Red Hat OpenShift Container Storage 4.8.0 on RHEL-8 (string)

release_date : 2021-08-03T00:00:00Z (string)

}

6 : { »

advisory : RHBA-2021:3003 (string)

cpe : cpe:/a:redhat:openshift_container_storage:4.8::el8 (string)

package : ocs4/ocs-rhel8-operator:4.8-196.a35d7d7.release_4.8 (string)

product_name : Red Hat OpenShift Container Storage 4.8.0 on RHEL-8 (string)

release_date : 2021-08-03T00:00:00Z (string)

}

7 : { »

advisory : RHBA-2021:3003 (string)

cpe : cpe:/a:redhat:openshift_container_storage:4.8::el8 (string)

package : ocs4/rook-ceph-rhel8-operator:4.8-167.9a9db5f.release_4.8 (string)

product_name : Red Hat OpenShift Container Storage 4.8.0 on RHEL-8 (string)

release_date : 2021-08-03T00:00:00Z (string)

}

8 : { »

advisory : RHBA-2021:3003 (string)

cpe : cpe:/a:redhat:openshift_container_storage:4.8::el8 (string)

package : ocs4/volume-replication-rhel8-operator:4.8-20.ab575a2.release_v0.1 (string)

product_name : Red Hat OpenShift Container Storage 4.8.0 on RHEL-8 (string)

release_date : 2021-08-03T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2021:5085 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : mcg-0:5.9.0-28.61dcf87.5.9.el8 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

10 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/cephcsi-rhel8:4.9-164.57484e3.release_4.9 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

11 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/ocs-must-gather-rhel8:4.9-257.4181add.release_4.9 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

12 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/ocs-operator-bundle:4.9.0-5 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

13 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/ocs-rhel8-operator:4.9-257.4181add.release_4.9 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

14 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/odf-console-rhel8:4.9-39.0f2fa23.release_4.9 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

15 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/odf-multicluster-operator-bundle:4.9.0-5 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

16 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/odf-multicluster-rhel8-operator:4.9-30.007b3d8.release_4.9 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

17 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/odf-operator-bundle:4.9.0-5 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

18 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/odf-rhel8-operator:4.9-59.c8bbc1f.release_4.9 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

19 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/odr-cluster-operator-bundle:4.9.0-5 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

20 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/odr-hub-operator-bundle:4.9.0-5 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

21 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/odr-rhel8-operator:4.9-27.3d037cc.release_4.9 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

22 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/rook-ceph-rhel8-operator:4.9-219.c3f67c6.release_4.9 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

23 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf4/volume-replication-rhel8-operator:4.9-28.82f68db.release_4.9 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

24 : { »

advisory : RHSA-2021:5086 (string)

cpe : cpe:/a:redhat:openshift_data_foundation:4.9::el8 (string)

package : odf/odf-multicluster-rhel8-operator:4.9-30.007b3d8.release_4.9 (string)

product_name : Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8 (string)

release_date : 2021-12-13T00:00:00Z (string)

}

]

bugzilla : { »

description : kubernetes: Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 (string)

id : 1886638 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1886638 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 5.3 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N (string)

status : verified (string)

}

cwe : CWE-117 (string)

details : [ »

0 : In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. (string)

1 : A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`. Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4. (string)

]

name : CVE-2020-8565 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:openshift:3.11 (string)

fix_state : Will not fix (string)

package_name : atomic-openshift (string)

product_name : Red Hat OpenShift Container Platform 3.11 (string)

}

1 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Not affected (string)

package_name : openshift (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

2 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Not affected (string)

package_name : openshift4/ose-hyperkube (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

3 : { »

cpe : cpe:/a:redhat:openshift:4 (string)

fix_state : Not affected (string)

package_name : openshift-clients (string)

product_name : Red Hat OpenShift Container Platform 4 (string)

}

4 : { »

cpe : cpe:/a:redhat:openshift_container_storage:4 (string)

fix_state : Affected (string)

package_name : mcg (string)

product_name : Red Hat Openshift Container Storage 4 (string)

}

5 : { »

cpe : cpe:/a:redhat:storage:3 (string)

fix_state : Affected (string)

package_name : heketi (string)

product_name : Red Hat Storage 3 (string)

}

6 : { »

cpe : cpe:/a:redhat:storage:3 (string)

fix_state : Affected (string)

package_name : rhgs3/rhgs-gluster-block-prov-rhel7 (string)

product_name : Red Hat Storage 3 (string)

}

]

public_date : 2020-10-14T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2020-8565 https://nvd.nist.gov/vuln/detail/CVE-2020-8565 https://github.com/kubernetes/kubernetes/issues/95623 https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk (string)

]

statement : OpenShift Container Platform 4 does not support LogLevels higher than 8 (via 'TraceAll'), and is therefore not affected by this vulnerability. (string)

threat_severity : Moderate (string)

}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object