Description
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens are written to log files. This can occur both in API server logs and in the output of client tools such as kubectl. Affected versions: <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.
References (2)
Core References
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ
Third Party Advisory x_refsource_confirm
https://github.com/kubernetes/kubernetes/issues/95623
Scores
CVSS v3
4.7
EPSS
0.0006
EPSS Percentile
18.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-532
Status
published
Products (3)
k8s.io/client-go
0.19.0 - 0.19.6 (Go)
k8s.io/kubernetes
0 - 1.20.0-alpha.2 (Go)
kubernetes/kubernetes
1.17.0 - 1.17.13
Published
Dec 07, 2020
Tracked Since
Feb 18, 2026