| Vulnerability Name: | CVE-2020-8565 (CCN-189925) |
| Assigned: | 2020-10-16 |
| Published: | 2020-10-16 |
| Updated: | 2020-12-08 |
| Summary: | In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.

| CVSS v3 Severity: | 5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N) |
| | 4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C) |
| | Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): Low; User Interaction (UI): None |
| | Scope (S): Unchanged |
| | Impact Metrics: Confidentiality (C): High; Integrity (I): None; Availability (A): None |
| | 4.7 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N) |
| | 4.1 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C) |
| | Exploitability Metrics: Attack Vector (AV): Local; Attack Complexity (AC): High; Privileges Required (PR): Low; User Interaction (UI): None |
| | Scope (S): Unchanged |
| | Impact Metrics: Confidentiality (C): High; Integrity (I): None; Availability (A): None |

| CVSS v2 Severity: | 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N) |
| | Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None |
| | Impact Metrics: Confidentiality (C): Partial; Integrity (I): None; Availability (A): None |
| | 3.8 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:S/C:C/I:N/A:N) |
| | Exploitability Metrics: Access Vector (AV): Local; Access Complexity (AC): High; Authentication (Au): Single_Instance |
| | Impact Metrics: Confidentiality (C): Complete; Integrity (I): None; Availability (A): None |

| Vulnerability Type: | CWE-532 |

| Vulnerability Consequences: | Obtain Information |
| References: | MITRE (CNA): CVE-2020-8565 |
| | XF (UNKNOWN): kubernetes-cve20208565-info-disc(189925) |
| | CONFIRM (Third Party Advisory): https://github.com/kubernetes/kubernetes/issues/95623 |
| | CCN (kubernetes GIT Repository): Mask bearer token in logs when logLevel >= 9 #95316 |
| | MLIST (Mailing List, Patch, Third Party Advisory): Multiple secret leaks when verbose logging is enabled |
| | CCN (oss-sec Mailing List, Fri, 16 Oct 2020 09:55:45 +1000): Kubernetes: Multiple secret leaks when verbose logging is enabled |
| | CCN (IBM Security Bulletin 6417487, Cloud Private): IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8566, CVE-2020-8565, CVE-2020-8563, CVE-2020-8564) |
| | CCN (IBM Security Bulletin 6452959, Spectrum Discover): Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover |
| | CCN (IBM Security Bulletin 6599703, Db2 On Openshift): Multiple vulnerabilities affect IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data |
| | CCN (IBM Security Bulletin 6833272, CICS TX Standard): IBM CICS TX Standard is vulnerable to multiple vulnerabilities in Kubernetes |
| | CCN (IBM Security Bulletin 6833274, CICS TX Advanced): IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Kubernetes |
| | CCN (IBM Security Bulletin 6999559, Edge Application Manager): IBM Edge Application Manager 4.5 addresses multiple security vulnerabilities |
| | CCN (IBM Security Bulletin 7002503, Cloud Pak for Security): IBM Cloud Pak for Security includes components with multiple known vulnerabilities |

| Vulnerable Configuration: | Configuration 1: |
| | cpe:/a:kubernetes:kubernetes:*:*:*:*:*:*:*:* (Version >= 1.17.0 and <= 1.17.13) |
| | OR cpe:/a:kubernetes:kubernetes:*:*:*:*:*:*:*:* (Version >= 1.18.0 and <= 1.18.10) |
| | OR cpe:/a:kubernetes:kubernetes:*:*:*:*:*:*:*:* (Version >= 1.19.0 and <= 1.19.3) |
| | Configuration CCN 1: |
| | cpe:/a:kubernetes:kubernetes:1.17.0:-:*:*:*:*:*:* |
| | OR cpe:/a:kubernetes:kubernetes:1.18.0:-:*:*:*:*:*:* |
| | OR cpe:/a:kubernetes:kubernetes:1.19.0:-:*:*:*:*:*:* |
| | AND cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:* |
| | OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:* |
| | OR cpe:/a:ibm:db2_warehouse:3.5:-:*:*:*:*:*:* |
| | OR cpe:/a:ibm:db2_warehouse:4.0:-:*:*:*:*:*:* |
| | OR cpe:/a:ibm:db2:3.5:-:*:*:*:*:*:* |
| | OR cpe:/a:ibm:db2:4.0:-:*:*:*:*:*:* |
| | OR cpe:/a:ibm:cics_tx:11.1:*:*:*:standard:*:*:* |
| | OR cpe:/a:ibm:cics_tx:11.1:*:*:*:advanced:*:*:* |
| | OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:* |

| Oval Definitions |
| Definition ID | Class | Title | Last Modified |
|---|---|---|---|
| oval:org.opensuse.security:def:626 | P | Security update for kubernetes1.18 (Moderate) (in QA) | 2022-09-27 |
| oval:org.opensuse.security:def:3783 | P | Security update for the Linux Kernel (Important) | 2022-07-21 |
| oval:org.opensuse.security:def:104149 | P | Security changes in Kubernetes, etcd, and helm; Bugfix in cri-o package (Moderate) | 2020-12-23 |
| oval:org.opensuse.security:def:90494 | P | Security changes in Kubernetes, etcd, and helm; Bugfix in cri-o package (Moderate) | 2020-12-23 |
| oval:org.opensuse.security:def:97459 | P | Security changes in Kubernetes, etcd, and helm; Bugfix in cri-o package (Moderate) | 2020-12-23 |
| oval:org.opensuse.security:def:64872 | P | Security changes in Kubernetes, etcd, and helm; Bugfix in cri-o package (Moderate) | 2020-12-23 |
| oval:org.opensuse.security:def:109676 | P | Security changes in Kubernetes, etcd, and skuba; Bugfix in cri-o package and make helm3 the default helm (Important) | 2020-12-11 |