{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"status": "affected", "version": "< 1.19.3"}, {"status": "affected", "version": "< 1.18.10"}, {"status": "affected", "version": "< 1.17.13"}]}], "credits": [{"lang": "en", "value": "Nikolaos Moraitis (Red Hat)"}], "datePublic": "2020-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Information Exposure Through Log Files", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-22T12:06:18", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"name": "Multiple secret leaks when verbose logging is enabled", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kubernetes/kubernetes/issues/95622"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20210122-0006/"}], "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/95622"], "discovery": "EXTERNAL"}, "title": "Docker config secrets leaked when file is malformed and loglevel >= 4", "workarounds": [{"lang": "en", "value": "Do not enable verbose logging in production (log level >= 4), limit access to logs."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2020-10-15T04:00:00.000Z", "ID": "CVE-2020-8564", "STATE": "PUBLIC", "TITLE": "Docker config secrets leaked when file is malformed and loglevel >= 4"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"version_value": "< 1.19.3"}, {"version_value": "< 1.18.10"}, {"version_value": "< 1.17.13"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Nikolaos Moraitis (Red Hat)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-532 Information Exposure Through Log Files"}]}]}, "references": {"reference_data": [{"name": "Multiple secret leaks when verbose logging is enabled", "refsource": "MLIST", "url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"}, {"name": "https://github.com/kubernetes/kubernetes/issues/95622", "refsource": "CONFIRM", "url": "https://github.com/kubernetes/kubernetes/issues/95622"}, {"name": "https://security.netapp.com/advisory/ntap-20210122-0006/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210122-0006/"}]}, "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/95622"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Do not enable verbose logging in production (log level >= 4), limit access to logs."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:03:46.158Z"}, "title": "CVE Program Container", "references": [{"name": "Multiple secret leaks when verbose logging is enabled", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kubernetes/kubernetes/issues/95622"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20210122-0006/"}]}]}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2020-8564", "datePublished": "2020-12-07T22:00:22.445619Z", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2024-09-16T17:32:40.199Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "B765012B-C658-4EB8-956A-62A91142CE05", "versionEndExcluding": "1.17.13", "versionStartIncluding": "1.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "67F84BBA-5FCA-4A23-BB4E-47BE92E3706A", "versionEndExcluding": "1.18.10", "versionStartIncluding": "1.18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "456BD01B-44E8-4823-B220-5E109D8C377D", "versionEndExcluding": "1.19.3", "versionStartIncluding": "1.19.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13."}, {"lang": "es", "value": "En los cl\u00fasteres de Kubernetes que usan un nivel de registro de al menos 4, el procesamiento de un archivo de configuraci\u00f3n de docker malformado dar\u00e1 como resultado la filtraci\u00f3n del contenido del archivo de configuraci\u00f3n de docker, que puede incluir secretos de extracci\u00f3n u otras credenciales de registro. Esto afecta versiones anteriores a v1.19.3, versiones anteriores a v1.18.10, versiones anteriores a v1.17.13"}], "id": "CVE-2020-8564", "lastModified": "2024-11-21T05:39:02.430", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 3.6, "source": "jordan@liggitt.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-07T22:15:21.307", "references": [{"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/95622"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210122-0006/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/95622"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20210122-0006/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "jordan@liggitt.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Nikolaos Moraitis (Red Hat) as the original reporter.", "affected_release": [{"advisory": "RHSA-2021:3193", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-0:3.11.501-1.git.0.f8c4746.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2021-08-25T00:00:00Z"}, {"advisory": "RHSA-2021:0281", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "openshift4/ose-docker-builder:v4.4.0-202101261542.p0", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2021-02-03T00:00:00Z"}, {"advisory": "RHSA-2020:5359", "cpe": "cpe:/a:redhat:openshift:4.5::el7", "package": "openshift4/ose-docker-builder:v4.5.0-202012050338.p0", "product_name": "Red Hat OpenShift Container Platform 4.5", "release_date": "2020-12-15T00:00:00Z"}, {"advisory": "RHSA-2020:4297", "cpe": "cpe:/a:redhat:openshift:4.6::el7", "package": "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2020-10-27T00:00:00Z"}, {"advisory": "RHSA-2021:0172", "cpe": "cpe:/a:redhat:openshift:4.6::el7", "package": "openshift-0:4.6.0-202101160934.p0.git.94242.fc5242e.el8", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2021-01-25T00:00:00Z"}, {"advisory": "RHSA-2020:5259", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "openshift4/ose-docker-builder:v4.6.0-202012050130.p0", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2020-12-14T00:00:00Z"}, {"advisory": "RHSA-2021:0171", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "openshift4/ose-hyperkube:v4.6.0-202101160934.p0", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2021-01-25T00:00:00Z"}], "bugzilla": {"description": "kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4", "id": "1886637", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1886637"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-117", "details": ["In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.", "A flaw was found in kubernetes. In Kubernetes, if the logging level is to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like `kubectl`, or other components that use registry credentials in a docker config file."], "name": "CVE-2020-8564", "package_state": [{"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "heketi", "product_name": "Red Hat Storage 3"}], "public_date": "2020-10-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-8564\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8564\nhttps://github.com/kubernetes/kubernetes/issues/95622\nhttps://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk"], "threat_severity": "Moderate", "upstream_fix": "kubernetes 1.19.3, kubernetes 1.18.10, kubernetes 1.17.13"}