CVE-2020-8566

Published: Dic 07, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2024-1109 Aliases: GHSA-5x96-j797-5qqw
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 4,7
Source: [email protected]
Attack Vector: local
Attack Complexity: high
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
LOW 2,1
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0009
Percentile
0,3th
Updated

EPSS Score Trend (Last 90 Days)

532

Insertion of Sensitive Information into Log File

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
Application

Kubernetes by Kubernetes

Product Information
Vendor Kubernetes
Product Kubernetes
Version Range Affected
From 1.19.0 (inclusive)
To 1.19.3 (exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Kubernetes by Kubernetes

Product Information
Vendor Kubernetes
Product Kubernetes
Version Range Affected
From 1.18.0 (inclusive)
To 1.18.10 (exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Kubernetes by Kubernetes

Product Information
Vendor Kubernetes
Product Kubernetes
Version Range Affected
From 1.17.0 (inclusive)
To 1.17.13 (exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/kubernetes/kubernetes/issues/95624
Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/95624
https://groups.google.com/g/kubernetes-security-discuss/c/v…
Mailing List Patch Third Party Advisory
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM…
https://security.netapp.com/advisory/ntap-20210122-0006/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0006/
https://github.com/kubernetes/kubernetes/issues/95624
Third Party Advisory
https://github.com/kubernetes/kubernetes/issues/95624
https://groups.google.com/g/kubernetes-security-discuss/c/v…
Mailing List Patch Third Party Advisory
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM…
https://security.netapp.com/advisory/ntap-20210122-0006/
Third Party Advisory
https://security.netapp.com/advisory/ntap-20210122-0006/