Sensitive Information leak via Log File in Kubernetes · CVE-2020-8563 · GitHub Advisory Database · GitHub

Sensitive Information leak via Log File in Kubernetes

Moderate severity GitHub Reviewed Published Apr 24, 2024 to the GitHub Advisory Database • Updated Apr 24, 2024

Package

github.com/kubernetes/kubernetes (Go)

Affected versions

< 1.19.3

Patched versions

1.19.3

Description

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.

References

Published to the GitHub Advisory Database Apr 24, 2024

Reviewed Apr 24, 2024

Last updated Apr 24, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

High

Privileges required

Low

User interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N