CVE-2020-8565 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-8565 Interim 1 42 2022-11-09T01:28:30Z current 2021-05-30T14:38:02Z 2022-11-09T01:28:30Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-8565 In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2020-December/007989.html E-Mail link for SUSE-CU-2020:783-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007991.html E-Mail link for SUSE-CU-2020:785-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007994.html E-Mail link for SUSE-CU-2020:788-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007995.html E-Mail link for SUSE-CU-2020:789-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007997.html E-Mail link for SUSE-CU-2020:791-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007998.html E-Mail link for SUSE-CU-2020:793-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008028.html E-Mail link for SUSE-CU-2020:822-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008031.html E-Mail link for SUSE-CU-2020:825-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008037.html E-Mail link for SUSE-CU-2020:831-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008038.html E-Mail link for SUSE-CU-2020:832-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008039.html E-Mail link for SUSE-CU-2020:833-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008040.html E-Mail link for SUSE-CU-2020:834-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008044.html E-Mail link for SUSE-CU-2020:837-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008054.html E-Mail link for SUSE-CU-2020:848-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008055.html E-Mail link for SUSE-CU-2020:849-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008056.html E-Mail link for SUSE-CU-2020:850-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008057.html E-Mail link for SUSE-CU-2020:851-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/008058.html E-Mail link for SUSE-CU-2020:852-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007973.html E-Mail link for SUSE-SU-2020:3760-1 https://lists.suse.com/pipermail/sle-security-updates/2020-December/007972.html E-Mail link for SUSE-SU-2020:3761-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings Container caasp/v4/coredns:1.6.7 Container caasp/v4/etcd:3.4.13 Container caasp/v4/helm-tiller:2.16.12 Container caasp/v4/hyperkube:v1.17.17 Container caasp/v4/kubernetes-client:1.17.17 Container caasp/v4/kucero:1.3.0 Container caasp/v4/kured:1.3.0 SUSE CaaS Platform 4.0 SUSE CaaS Platform 4.5 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Containers 15 SP1 caasp-release-4.2.4-24.36.1 caasp-release-4.5.2-1.8.2 coredns-1.6.7-3.13.1 cri-o-1.16.1-3.37.3 cri-o-1.18-1.18.4-4.3.2 cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2 cri-o-kubeadm-criconfig-1.16.1-3.37.3 etcd-3.4.13-4.15.1 etcdctl-3.4.13-3.3.1 etcdctl-3.4.13-4.15.1 helm-2.16.12-3.10.1 helm2-2.16.12-3.3.1 helm3-3.3.3-1.3.1 helm3-3.3.3-3.8.1 kubernetes-1.18-kubeadm-1.18.10-4.3.1 kubernetes-1.18-kubelet-1.18.10-4.3.1 kubernetes-client-1.17.13-4.21.2 kubernetes-common-1.17.13-4.21.2 kubernetes-kubeadm-1.17.13-4.21.2 kubernetes-kubelet-1.17.13-4.21.2 kucero-1.3.0-1.3.1 patterns-caasp-Management-4.5-3.3.1 skuba-1.4.11-3.49.2 skuba-2.1.11-3.10.1 skuba-update-1.4.11-3.49.2 skuba-update-2.1.11-3.10.1 terraform-provider-aws-2.59.0-1.6.1 velero-1.4.2-3.3.1 coredns-1.6.7-3.13.1 as a component of Container caasp/v4/coredns:1.6.7 etcd-3.4.13-4.15.1 as a component of Container caasp/v4/etcd:3.4.13 etcdctl-3.4.13-4.15.1 as a component of Container caasp/v4/etcd:3.4.13 helm-2.16.12-3.10.1 as a component of Container caasp/v4/helm-tiller:2.16.12 kubernetes-common-1.17.13-4.21.2 as a component of Container caasp/v4/hyperkube:v1.17.17 kubernetes-client-1.17.13-4.21.2 as a component of Container caasp/v4/kubernetes-client:1.17.17 kubernetes-common-1.17.13-4.21.2 as a component of Container caasp/v4/kubernetes-client:1.17.17 kubernetes-client-1.17.13-4.21.2 as a component of Container caasp/v4/kucero:1.3.0 kubernetes-common-1.17.13-4.21.2 as a component of Container caasp/v4/kucero:1.3.0 kucero-1.3.0-1.3.1 as a component of Container caasp/v4/kucero:1.3.0 kubernetes-client-1.17.13-4.21.2 as a component of Container caasp/v4/kured:1.3.0 kubernetes-common-1.17.13-4.21.2 as a component of Container caasp/v4/kured:1.3.0 caasp-release-4.2.4-24.36.1 as a component of SUSE CaaS Platform 4.0 cri-o-1.16.1-3.37.3 as a component of SUSE CaaS Platform 4.0 cri-o-kubeadm-criconfig-1.16.1-3.37.3 as a component of SUSE CaaS Platform 4.0 etcdctl-3.4.13-4.15.1 as a component of SUSE CaaS Platform 4.0 helm-2.16.12-3.10.1 as a component of SUSE CaaS Platform 4.0 helm3-3.3.3-1.3.1 as a component of SUSE CaaS Platform 4.0 kubernetes-client-1.17.13-4.21.2 as a component of SUSE CaaS Platform 4.0 kubernetes-common-1.17.13-4.21.2 as a component of SUSE CaaS Platform 4.0 kubernetes-kubeadm-1.17.13-4.21.2 as a component of SUSE CaaS Platform 4.0 kubernetes-kubelet-1.17.13-4.21.2 as a component of SUSE CaaS Platform 4.0 skuba-1.4.11-3.49.2 as a component of SUSE CaaS Platform 4.0 skuba-update-1.4.11-3.49.2 as a component of SUSE CaaS Platform 4.0 terraform-provider-aws-2.59.0-1.6.1 as a component of SUSE CaaS Platform 4.0 caasp-release-4.5.2-1.8.2 as a component of SUSE CaaS Platform 4.5 cri-o-1.18-1.18.4-4.3.2 as a component of SUSE CaaS Platform 4.5 cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2 as a component of SUSE CaaS Platform 4.5 etcdctl-3.4.13-3.3.1 as a component of SUSE CaaS Platform 4.5 helm2-2.16.12-3.3.1 as a component of SUSE CaaS Platform 4.5 helm3-3.3.3-3.8.1 as a component of SUSE CaaS Platform 4.5 kubernetes-1.18-kubeadm-1.18.10-4.3.1 as a component of SUSE CaaS Platform 4.5 kubernetes-1.18-kubelet-1.18.10-4.3.1 as a component of SUSE CaaS Platform 4.5 patterns-caasp-Management-4.5-3.3.1 as a component of SUSE CaaS Platform 4.5 skuba-2.1.11-3.10.1 as a component of SUSE CaaS Platform 4.5 skuba-update-2.1.11-3.10.1 as a component of SUSE CaaS Platform 4.5 velero-1.4.2-3.3.1 as a component of SUSE CaaS Platform 4.5 kubernetes-client-1.17.13-4.21.2 as a component of SUSE Linux Enterprise Module for Containers 15 SP1 kubernetes-common-1.17.13-4.21.2 as a component of SUSE Linux Enterprise Module for Containers 15 SP1 In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2. CVE-2020-8565 Container caasp/v4/coredns:1.6.7:coredns-1.6.7-3.13.1 Container caasp/v4/etcd:3.4.13:etcd-3.4.13-4.15.1 Container caasp/v4/etcd:3.4.13:etcdctl-3.4.13-4.15.1 Container caasp/v4/helm-tiller:2.16.12:helm-2.16.12-3.10.1 Container caasp/v4/hyperkube:v1.17.17:kubernetes-common-1.17.13-4.21.2 Container caasp/v4/kubernetes-client:1.17.17:kubernetes-client-1.17.13-4.21.2 Container caasp/v4/kubernetes-client:1.17.17:kubernetes-common-1.17.13-4.21.2 Container caasp/v4/kucero:1.3.0:kubernetes-client-1.17.13-4.21.2 Container caasp/v4/kucero:1.3.0:kubernetes-common-1.17.13-4.21.2 Container caasp/v4/kucero:1.3.0:kucero-1.3.0-1.3.1 Container caasp/v4/kured:1.3.0:kubernetes-client-1.17.13-4.21.2 Container caasp/v4/kured:1.3.0:kubernetes-common-1.17.13-4.21.2 SUSE CaaS Platform 4.0:caasp-release-4.2.4-24.36.1 SUSE CaaS Platform 4.0:cri-o-1.16.1-3.37.3 SUSE CaaS Platform 4.0:cri-o-kubeadm-criconfig-1.16.1-3.37.3 SUSE CaaS Platform 4.0:etcdctl-3.4.13-4.15.1 SUSE CaaS Platform 4.0:helm-2.16.12-3.10.1 SUSE CaaS Platform 4.0:helm3-3.3.3-1.3.1 SUSE CaaS Platform 4.0:kubernetes-client-1.17.13-4.21.2 SUSE CaaS Platform 4.0:kubernetes-common-1.17.13-4.21.2 SUSE CaaS Platform 4.0:kubernetes-kubeadm-1.17.13-4.21.2 SUSE CaaS Platform 4.0:kubernetes-kubelet-1.17.13-4.21.2 SUSE CaaS Platform 4.0:skuba-1.4.11-3.49.2 SUSE CaaS Platform 4.0:skuba-update-1.4.11-3.49.2 SUSE CaaS Platform 4.0:terraform-provider-aws-2.59.0-1.6.1 SUSE CaaS Platform 4.5:caasp-release-4.5.2-1.8.2 SUSE CaaS Platform 4.5:cri-o-1.18-1.18.4-4.3.2 SUSE CaaS Platform 4.5:cri-o-1.18-kubeadm-criconfig-1.18.4-4.3.2 SUSE CaaS Platform 4.5:etcdctl-3.4.13-3.3.1 SUSE CaaS Platform 4.5:helm2-2.16.12-3.3.1 SUSE CaaS Platform 4.5:helm3-3.3.3-3.8.1 SUSE CaaS Platform 4.5:kubernetes-1.18-kubeadm-1.18.10-4.3.1 SUSE CaaS Platform 4.5:kubernetes-1.18-kubelet-1.18.10-4.3.1 SUSE CaaS Platform 4.5:patterns-caasp-Management-4.5-3.3.1 SUSE CaaS Platform 4.5:skuba-2.1.11-3.10.1 SUSE CaaS Platform 4.5:skuba-update-2.1.11-3.10.1 SUSE CaaS Platform 4.5:velero-1.4.2-3.3.1 SUSE Linux Enterprise Module for Containers 15 SP1:kubernetes-client-1.17.13-4.21.2 SUSE Linux Enterprise Module for Containers 15 SP1:kubernetes-common-1.17.13-4.21.2 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N