CVE-2020-8564

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.

CVSS v3 5.5 MEDIUM
CVSS v2.0 2.1 LOW

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/kubernetes/kubernetes/issues/95622	Third Party Advisory
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ	Mailing List Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0006/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::

History

No history.

Information

Published : 2020-12-07 22:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-8564

Mitre link : CVE-2020-8564

CVE.ORG link : CVE-2020-8564

JSON object : View

Products Affected

kubernetes

kubernetes

CWE

CWE-532

Insertion of Sensitive Information into Log File

{"id": "CVE-2020-8564", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "jordan@liggitt.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.0}]}, "published": "2020-12-07T22:15:21.307", "references": [{"url": "https://github.com/kubernetes/kubernetes/issues/95622", "tags": ["Third Party Advisory"], "source": "jordan@liggitt.net"}, {"url": "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "jordan@liggitt.net"}, {"url": "https://security.netapp.com/advisory/ntap-20210122-0006/", "tags": ["Third Party Advisory"], "source": "jordan@liggitt.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-532"}]}, {"type": "Secondary", "source": "jordan@liggitt.net", "description": [{"lang": "en", "value": "CWE-532"}]}], "descriptions": [{"lang": "en", "value": "In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13."}, {"lang": "es", "value": "En los cl\u00fasteres de Kubernetes que usan un nivel de registro de al menos 4, el procesamiento de un archivo de configuraci\u00f3n de docker malformado dar\u00e1 como resultado la filtraci\u00f3n del contenido del archivo de configuraci\u00f3n de docker, que puede incluir secretos de extracci\u00f3n u otras credenciales de registro. Esto afecta versiones anteriores a v1.19.3, versiones anteriores a v1.18.10, versiones anteriores a v1.17.13"}], "lastModified": "2021-03-29T19:30:55.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B765012B-C658-4EB8-956A-62A91142CE05", "versionEndExcluding": "1.17.13", "versionStartIncluding": "1.17.0"}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67F84BBA-5FCA-4A23-BB4E-47BE92E3706A", "versionEndExcluding": "1.18.10", "versionStartIncluding": "1.18.0"}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "456BD01B-44E8-4823-B220-5E109D8C377D", "versionEndExcluding": "1.19.3", "versionStartIncluding": "1.19.0"}], "operator": "OR"}]}], "sourceIdentifier": "jordan@liggitt.net"}