Miggo Logo
Miggo Vulnerability Database
CVE-2020-8566

CVE-2020-8566:
Sensitive Information leak via Log File in Kubernetes

5.3

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-8566
GHSA ID
GHSA-5x96-j797-5qqw
EPSS Score
0.43395%
CWE
CWE-532
Published
4/24/2024
Updated
4/24/2024
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Package NameEcosystemVulnerable VersionsFirst Patched Version
github.com/kubernetes/kubernetesgo< 1.17.131.17.13
github.com/kubernetes/kubernetesgo>= 1.18.0, < 1.18.101.18.10
github.com/kubernetes/kubernetesgo>= 1.19.0, < 1.19.31.19.3

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from multiple functions in rbd_util.go that logged sensitive adminSecret values using klog.V(4).Infof. The commit diff shows these functions previously included the secret in log messages, which was later masked. All identified functions handle Ceph RBD operations and contained explicit logging of credentials at verbosity level 4, matching the vulnerability description.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In Ku**rn*t*s *lust*rs usin* **p* R** *s * stor*** provision*r, wit* lo**in* l*v*l o* *t l**st *, **p* R** **min s**r*ts **n ** writt*n to lo*s. T*is o**urs in ku**-*ontroll*r-m*n***r's lo*s *urin* provisionin* o* **p* R** p*rsist*nt *l*ims. T*is ***

Reasoning

T** vuln*r**ility st*ms *rom multipl* *un*tions in `r**_util.*o` t**t lo**** s*nsitiv* `**minS**r*t` v*lu*s usin* `klo*.V(*).In*o*`. T** *ommit *i** s*ows t**s* *un*tions pr*viously in*lu*** t** s**r*t in lo* m*ss***s, w*i** w*s l*t*r m*sk**. *ll i**