Kaizhe Huang

**Name of the Vulnerable Software and Affected Versions** Kubernetes versions prior to 1.19.3 **Description** A sensitive information leak occurs via log files in Kubernetes. This issue affects Kubernetes clusters using VSphere as a cloud provider, where the logging level is set to 4 or above, causing VSphere cloud credentials to be leaked in the cloud controller manager's log. **Recommendations** For versions prior to 1.19.3, update to version 1.19.3 or later to resolve the issue. As a temporary workaround, consider reducing the logging level to below 4 to minimize the risk of credential leakage. Restrict access to the cloud controller manager's log to prevent unauthorized access to sensitive information.

**Name of the Vulnerable Software and Affected Versions** Kubernetes versions prior to 1.19.3 Kubernetes versions prior to 1.18.10 Kubernetes versions prior to 1.17.13 **Description** In Kubernetes clusters using Ceph RBD as a storage provisioner, with a logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during the provisioning of Ceph RBD persistent claims. **Recommendations** For versions prior to 1.19.3, consider updating to version 1.19.3 or later to resolve the issue. For versions prior to 1.18.10, consider updating to version 1.18.10 or later to resolve the issue. For versions prior to 1.17.13, consider updating to version 1.17.13 or later to resolve the issue. As a temporary workaround, consider reducing the logging level to below 4 to minimize the risk of sensitive information being written to logs.