| Max CVSS | 3.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-8563 | 2.1 |
In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.
|
29-03-2021 - 19:31 | 07-12-2020 - 22:15 | |
| CVE-2020-8566 | 2.1 |
In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This aff
|
29-03-2021 - 19:30 | 07-12-2020 - 22:15 | |
| CVE-2020-8564 | 2.1 |
In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.
|
29-03-2021 - 19:30 | 07-12-2020 - 22:15 | |
| CVE-2020-8565 | 2.1 |
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v
|
08-12-2020 - 19:51 | 07-12-2020 - 22:15 | |
| CVE-2019-11250 | 3.5 |
The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use
|
16-10-2020 - 09:15 | 29-08-2019 - 01:15 |