CVE-2020-8564 is a vulnerability in Kubernetes
Published on December 7, 2020
Docker config secrets leaked when file is malformed and loglevel >= 4
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.
Vulnerability Analysis
CVE-2020-8564 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2020-8564
Want to know whenever a new CVE is published for Kubernetes? stack.watch will email you.
Affected Versions
Kubernetes:- Version < 1.19.3 is affected.
- Version < 1.18.10 is affected.
- Version < 1.17.13 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.