CVE-2020-8566 is a vulnerability in Kubernetes
Published on December 7, 2020
Ceph RBD adminSecrets exposed in logs when loglevel >= 4
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.
Vulnerability Analysis
CVE-2020-8566 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.
Weakness Type
Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
Products Associated with CVE-2020-8566
Want to know whenever a new CVE is published for Kubernetes? stack.watch will email you.
Affected Versions
Kubernetes:- Version < 1.19.3 is affected.
- Version < 1.18.10 is affected.
- Version < 1.17.13 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.