CVE-2020-8564

Published: Dic 07, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2023-0668 Aliases: GHSA-8mjg-8c8g-6h85
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,7
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
LOW 2,1
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0005
Percentile
0,2th
Updated

EPSS Score Trend (Last 90 Days)

532

Insertion of Sensitive Information into Log File

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
Application

Kubernetes by Kubernetes

Product Information
Vendor Kubernetes
Product Kubernetes
Version Range Affected
From 1.19.0 (inclusive)
To 1.19.3 (exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Kubernetes by Kubernetes

Product Information
Vendor Kubernetes
Product Kubernetes
Version Range Affected
From 1.18.0 (inclusive)
To 1.18.10 (exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Kubernetes by Kubernetes

Product Information
Vendor Kubernetes
Product Kubernetes
Version Range Affected
From 1.17.0 (inclusive)
To 1.17.13 (exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/kubernetes/kubernetes/issues/95622
Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/95622
https://groups.google.com/g/kubernetes-security-discuss/c/v…
Mailing List Patch Third Party Advisory
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM…
https://security.netapp.com/advisory/ntap-20210122-0006/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0006/
https://github.com/kubernetes/kubernetes/issues/95622
Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/95622
https://groups.google.com/g/kubernetes-security-discuss/c/v…
Mailing List Patch Third Party Advisory
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM…
https://security.netapp.com/advisory/ntap-20210122-0006/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0006/