Bug 1886637 (CVE-2020-8564)

| Summary: | CVE-2020-8564 kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4 | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | adam.kaplan, aos-bugs, bmontgom, eparis, hchiramm, hvyas, jburrell, jmulligan, jokerman, madam, maszulik, mfojtik, nstielau, puebele, rhs-bugs, security-response-team, sponnaga, storage-qa-internal, sttts, wzheng, xxia |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | kubernetes 1.19.3, kubernetes 1.18.10, kubernetes 1.17.13 | Doc Type: | If docs needed, set a value |
| Doc Text: | A flaw was found in Kubernetes. If the logging level is set to at least 4, processing a malformed docker config file results in the contents of that file being written to the log, which can include pull secrets or other registry credentials. This can occur with client tools like `kubectl`, or with other components that read registry credentials from a docker config file. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-10-27 20:21:53 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1878091, 1887306, 1887308, 1887309, 1887310, 1887311, 1889786, 1889954, 1889955, 1889956, 1889957, 1898635 | | |
| Bug Blocks: | 1883756 | | |
Description

Sam Fowler
2020-10-09 01:44:23 UTC

Upstream Fix: https://github.com/kubernetes/kubernetes/pull/94712

Acknowledgments:
Name: the Kubernetes Product Security Committee
Upstream: Nikolaos Moraitis (Red Hat)

External References:
https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
https://github.com/kubernetes/kubernetes/issues/95622

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.6
Via RHSA-2020:4297 https://access.redhat.com/errata/RHSA-2020:4297

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
https://access.redhat.com/security/cve/cve-2020-8564

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.6
Via RHSA-2020:5259 https://access.redhat.com/errata/RHSA-2020:5259

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.5
Via RHSA-2020:5359 https://access.redhat.com/errata/RHSA-2020:5359

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.6
Via RHSA-2021:0172 https://access.redhat.com/errata/RHSA-2021:0172

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.6
Via RHSA-2021:0171 https://access.redhat.com/errata/RHSA-2021:0171

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 4.4
Via RHSA-2021:0281 https://access.redhat.com/errata/RHSA-2021:0281

This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 3.11
Via RHSA-2021:3193 https://access.redhat.com/errata/RHSA-2021:3193
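The Doc Text above describes a class of bug rather than a single line of code: a parser that, on failure, copies the unparseable input into a verbosity-gated log message, so that raising the log level to 4 turns a harmless debugging aid into a credential leak. The Go program below is an added illustration of that pattern and its remediation; it is not the Kubernetes code, nor the change made in the upstream fix linked above. The `logger` type is a constructed stand-in for a verbosity-gated logger (the role `klog.V(n)` plays in Kubernetes), the `auths` structure models only the part of `~/.docker/config.json` needed here, and the malformed config, registry host and base64 auth blob are all constructed sample values.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Verbosity at which the leaky variant emits the raw file contents.
// The page reports the leak at log level >= 4.
const leakyVerbosity = 4

// Constructed sample values (hypothetical registry and fake credentials).
const (
	configPath = "/home/user/.docker/config.json"
	sampleAuth = "dXNlcjpTM2NyZXRQYXNzd29yZA==" // base64("user:S3cretPassword"), fake
	// Well-formed config for the happy path.
	validConfig = `{"auths":{"registry.example.test":{"auth":"` + sampleAuth + `"}}}`
	// Same file with a trailing comma, which json.Unmarshal rejects.
	malformedConfig = `{"auths":{"registry.example.test":{"auth":"` + sampleAuth + `"},}}`
)

// dockerConfigJSON models the "auths" map of a docker config file:
// registry host -> entry holding a base64(user:password) token.
type dockerConfigJSON struct {
	Auths map[string]struct {
		Auth string `json:"auth"`
	} `json:"auths"`
}

// logger is a minimal verbosity-gated logger constructed for this example.
// It records messages so the test can inspect what reached the log.
type logger struct {
	level int
	lines []string
}

// v records the message only when the configured level is at least n.
func (l *logger) v(n int, format string, args ...interface{}) {
	if l.level >= n {
		l.lines = append(l.lines, fmt.Sprintf(format, args...))
	}
}

// parseLeaky shows the anti-pattern: the whole file body is interpolated
// into a verbose log line when decoding fails. Any credential in the file
// reaches the log as soon as verbosity is >= leakyVerbosity.
func parseLeaky(log *logger, path string, contents []byte) (*dockerConfigJSON, error) {
	var cfg dockerConfigJSON
	if err := json.Unmarshal(contents, &cfg); err != nil {
		log.v(leakyVerbosity, "couldn't parse docker config %s: %v, contents: %q", path, err, contents)
		return nil, err
	}
	return &cfg, nil
}

// parseHardened logs only the path and the decoder error. A *json.SyntaxError
// message names at most the offending character and offset, never the
// document text, so neither the log line nor the wrapped error can carry
// the credentials held in the file.
func parseHardened(log *logger, path string, contents []byte) (*dockerConfigJSON, error) {
	var cfg dockerConfigJSON
	if err := json.Unmarshal(contents, &cfg); err != nil {
		log.v(leakyVerbosity, "couldn't parse docker config %s: %v", path, err)
		return nil, fmt.Errorf("parsing docker config %s: %w", path, err)
	}
	return &cfg, nil
}

// containsSecret reports whether any recorded log line contains the token.
func containsSecret(lines []string, secret string) bool {
	for _, line := range lines {
		if strings.Contains(line, secret) {
			return true
		}
	}
	return false
}

// demo feeds the malformed config to both parsers at the given verbosity and
// reports whether each one exposed the auth token (in the log, or, for the
// hardened variant, in the returned error as well).
func demo(level int) (leakyExposed, hardenedExposed bool) {
	leakyLog := &logger{level: level}
	hardenedLog := &logger{level: level}
	_, _ = parseLeaky(leakyLog, configPath, []byte(malformedConfig))
	_, err := parseHardened(hardenedLog, configPath, []byte(malformedConfig))
	leakyExposed = containsSecret(leakyLog.lines, sampleAuth)
	hardenedExposed = containsSecret(hardenedLog.lines, sampleAuth) ||
		(err != nil && strings.Contains(err.Error(), sampleAuth))
	return leakyExposed, hardenedExposed
}

func main() {
	for _, level := range []int{3, 4} {
		leaky, hardened := demo(level)
		fmt.Printf("verbosity %d: leaky parser exposed credentials=%v, hardened parser=%v\n", level, leaky, hardened)
	}
}
```

The point of the comparison is that the failure mode only appears at one verbosity setting: at level 3 both variants behave identically, which is why a test suite run at default verbosity would not notice the leaky form. A useful unit test for any credential-bearing parser is therefore the one `demo` performs, running the parser on a malformed input at maximum verbosity and asserting that the secret appears neither in the captured log nor in the returned error.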