CVE-2020-8564

MEDIUM

Kubernetes <v1.19.3,v1.18.10,v1.17.13 - Info Disclosure

Title source: llm
STIX 2.1

Description

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.

References (3)

Core 3
Core References
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ
Third Party Advisory x_refsource_confirm
https://github.com/kubernetes/kubernetes/issues/95622
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210122-0006/

Scores

CVSS v3 4.7
EPSS 0.0005
EPSS Percentile 16.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-532
Status published
Products (3)
k8s.io/kubernetes 0 - 1.20.0-alpha.1Go
kubernetes/kubernetes 1.17.0 - 1.17.13
kubernetes/kubernetes 1.19.0 - 1.19.3Go
Published Dec 07, 2020
Tracked Since Feb 18, 2026