Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04Y2ZnLXZ4OTMtanZ4d84AAxdQ
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, < v1.20.0-alpha2.
Permalink: https://github.com/advisories/GHSA-8cfg-vx93-jvxwJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04Y2ZnLXZ4OTMtanZ4d84AAxdQ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 1 year ago
Updated: 7 months ago
CVSS Score: 4.7
CVSS vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Identifiers: GHSA-8cfg-vx93-jvxw, CVE-2020-8565
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-8565
- https://github.com/kubernetes/kubernetes/issues/95623
- https://github.com/kubernetes/kubernetes/pull/95316
- https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419
- https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ
- https://pkg.go.dev/vuln/GO-2021-0064
- https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3
- https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0
- https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86
- https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373
- https://github.com/advisories/GHSA-8cfg-vx93-jvxw
Blast Radius: 21.8
Affected Packages
go:k8s.io/client-go
Dependent packages: 26,126Dependent repositories: 44,291
Downloads:
Affected Version Ranges: < 0.17.16, >= 0.18.0, < 0.18.14, >= 0.20.0-alpha.0, < 0.20.0-alpha.2, >= 0.19.0, < 0.19.6
Fixed in: 0.17.16, 0.18.14, 0.20.0-alpha.2, 0.19.6
All affected versions: 0.15.7, 0.15.8, 0.15.9, 0.15.10, 0.15.11, 0.15.12, 0.16.4, 0.16.5, 0.16.6, 0.16.7, 0.16.8, 0.16.9, 0.16.10, 0.16.11, 0.16.12, 0.16.13, 0.16.14, 0.16.15, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.17.5, 0.17.6, 0.17.7, 0.17.8, 0.17.9, 0.17.11, 0.17.12, 0.17.13, 0.17.14, 0.17.15, 0.18.0, 0.18.1, 0.18.2, 0.18.3, 0.18.4, 0.18.5, 0.18.6, 0.18.8, 0.18.9, 0.18.10, 0.18.12, 0.18.13, 0.19.0, 0.19.1, 0.19.2, 0.19.3, 0.19.4, 0.19.5, 0.20.0-alpha.0, 0.20.0-alpha.1
All unaffected versions: 0.17.16, 0.17.17, 0.18.14, 0.18.15, 0.18.16, 0.18.17, 0.18.18, 0.18.19, 0.19.6, 0.19.7, 0.19.8, 0.19.9, 0.19.10, 0.19.11, 0.19.12, 0.19.13, 0.19.14, 0.19.15, 0.19.16, 0.20.0, 0.20.1, 0.20.2, 0.20.3, 0.20.4, 0.20.5, 0.20.6, 0.20.7, 0.20.8, 0.20.9, 0.20.10, 0.20.11, 0.20.12, 0.20.13, 0.20.14, 0.20.15, 0.21.0, 0.21.1, 0.21.2, 0.21.3, 0.21.4, 0.21.5, 0.21.6, 0.21.7, 0.21.8, 0.21.9, 0.21.10, 0.21.11, 0.21.12, 0.21.13, 0.21.14, 0.22.0, 0.22.1, 0.22.2, 0.22.3, 0.22.4, 0.22.5, 0.22.6, 0.22.7, 0.22.8, 0.22.9, 0.22.10, 0.22.11, 0.22.12, 0.22.13, 0.22.14, 0.22.15, 0.22.16, 0.22.17, 0.23.0, 0.23.1, 0.23.2, 0.23.3, 0.23.4, 0.23.5, 0.23.6, 0.23.7, 0.23.8, 0.23.9, 0.23.10, 0.23.11, 0.23.12, 0.23.13, 0.23.14, 0.23.15, 0.23.16, 0.23.17, 0.24.0, 0.24.1, 0.24.2, 0.24.3, 0.24.4, 0.24.5, 0.24.6, 0.24.7, 0.24.8, 0.24.9, 0.24.10, 0.24.11, 0.24.12, 0.24.13, 0.24.14, 0.24.15, 0.24.16, 0.24.17, 0.25.0, 0.25.1, 0.25.2, 0.25.3, 0.25.4, 0.25.5, 0.25.6, 0.25.7, 0.25.8, 0.25.9, 0.25.10, 0.25.11, 0.25.12, 0.25.13, 0.25.14, 0.25.15, 0.25.16, 0.26.0, 0.26.1, 0.26.2, 0.26.3, 0.26.4, 0.26.5, 0.26.6, 0.26.7, 0.26.8, 0.26.9, 0.26.10, 0.26.11, 0.26.12, 0.26.13, 0.27.0, 0.27.1, 0.27.2, 0.27.3, 0.27.4, 0.27.5, 0.27.6, 0.27.7, 0.27.8, 0.27.9, 0.27.10, 0.28.0, 0.28.1, 0.28.2, 0.28.3, 0.28.4, 0.28.5, 0.28.6, 0.29.0, 0.29.1, 1.4.0, 1.5.0, 1.5.1, 1.5.2, 2.0.0, 3.0.0, 4.0.0, 5.0.0, 5.0.1, 6.0.0, 7.0.0, 8.0.0, 9.0.0, 10.0.0, 11.0.0