PT-2020-20210 · Linux Foundation+2 · Kubernetes+1

Nikolaos Moraitis · Published 2020-10-15 · Updated 2023-02-06 · CVE-2020-8564

CVSS v3.1: 4.7 (Medium)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Kubernetes versions prior to 1.19.3
Kubernetes versions prior to 1.18.10
Kubernetes versions prior to 1.17.13

Description

The issue arises when a Kubernetes cluster uses a logging level of at least 4 and encounters a malformed docker config file. This can lead to the leakage of the docker config file's contents, potentially including pull secrets or other registry credentials. The leakage occurs due to the improper handling of the malformed file.

Recommendations

For versions prior to 1.19.3, update to version 1.19.3 or later to resolve the issue.
For versions prior to 1.18.10, update to version 1.18.10 or later to resolve the issue.
For versions prior to 1.17.13, update to version 1.17.13 or later to resolve the issue.
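
The failure mode in the Description, as an added illustration in Go (not Kubernetes source code): a verbosity-gated log call that includes a malformed config's raw contents, next to one that logs only the parse error. The function names, the `logAt` stand-in for a verbosity gate, and the sample config are assumptions constructed for this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample: a docker config truncated mid-file (final brace missing).
const secret = "CONSTRUCTED-SECRET"

var sample = []byte(`{"auths":{"registry.example.com":{"auth":"` + secret + `"}}`)

// logAt stands in for a klog-style verbosity gate (assumption): the message
// is emitted only when the configured verbosity is at least the given level.
func logAt(verbosity, level int, format string, args ...interface{}) string {
	if verbosity < level {
		return ""
	}
	return fmt.Sprintf(format, args...)
}

// parseLeaky shows the weakness: on a parse error, the raw file contents
// are written into a level-4 log message.
func parseLeaky(contents []byte, verbosity int) string {
	var cfg map[string]interface{}
	if err := json.Unmarshal(contents, &cfg); err != nil {
		return logAt(verbosity, 4, "error parsing docker config: %v; contents: %s", err, contents)
	}
	return ""
}

// parseRedacted logs only the parse error and the input size.
func parseRedacted(contents []byte, verbosity int) string {
	var cfg map[string]interface{}
	if err := json.Unmarshal(contents, &cfg); err != nil {
		return logAt(verbosity, 4, "error parsing docker config (%d bytes): %v", len(contents), err)
	}
	return ""
}

func main() {
	fmt.Println("leaky   :", parseLeaky(sample, 4))
	fmt.Println("redacted:", parseRedacted(sample, 4))
}
```

Below verbosity 4 neither function emits anything, which is why the advisory ties exposure to the logging level as well as to the malformed file.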

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1227
ALT-PU-2021-1495
ALT-PU-2022-1245
CVE-2020-8564
GHSA-8MJG-8C8G-6H85
GO-2021-0066
RHSA-2020:4297
RHSA-2021:0172
RHSA-2021:3193

Affected Products

Alt Linux
Kubernetes