In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`. Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4.
Upstream Fix: https://github.com/kubernetes/kubernetes/pull/95316
Acknowledgments:
Name: the Kubernetes Product Security Committee
Upstream: Patrick Rhomberg (purelyapplied)
External References:
https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
https://github.com/kubernetes/kubernetes/issues/95623
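Added example (not from the Kubernetes project or this bug report): a log check for the exposure described above. It flags lines that carry an unmasked `Authorization` credential, redacts them, and reports command lines whose verbosity reaches a given level. The log line layout, the `<masked>` placeholder and all sample values are assumptions constructed for illustration.

```python
import re

# "Authorization: Bearer <value>" / "Basic <value>", as seen in dumped request
# headers or in a logged curl-style command line.
AUTH_RE = re.compile(r'(Authorization:\s*(?:Bearer|Basic)\s+)([^\s"\']+)', re.I)
# -v=N, -v N or --v=N on a kubectl or component command line.
VERBOSITY_RE = re.compile(r'(?:^|\s)--?v[=\s](\d+)\b')
# Assumption: values a patched client writes in place of the credential.
PLACEHOLDERS = {"<masked>", "[REDACTED]"}


def redact(line):
    """Return (line with credentials replaced, number of credentials found)."""
    hits = 0

    def _sub(m):
        nonlocal hits
        if m.group(2) in PLACEHOLDERS:
            return m.group(0)
        hits += 1
        return m.group(1) + "[REDACTED]"

    return AUTH_RE.sub(_sub, line), hits


def scan(lines):
    """Return [(line_number, redacted_line)] for lines that exposed a credential."""
    findings = []
    for n, line in enumerate(lines, 1):
        clean, hits = redact(line)
        if hits:
            findings.append((n, clean))
    return findings


def risky_verbosity(cmdline, threshold=9):
    """Return the highest verbosity level on cmdline if >= threshold, else None."""
    levels = [int(v) for v in VERBOSITY_RE.findall(cmdline)]
    top = max(levels, default=None)
    return top if top is not None and top >= threshold else None


# Constructed sample lines (not real output; the token value is a dummy).
SAMPLE_LOG = [
    'I1015 10:00:00.000000 1 round_trippers.go:1] GET https://10.0.0.1:6443/api/v1/pods',
    "I1015 10:00:00.000001 1 round_trippers.go:1] curl -k -v -XGET -H \"Authorization: Bearer DUMMY.TOKEN.VALUE\" 'https://10.0.0.1:6443/api/v1/pods'",
    'I1015 10:00:00.000002 1 round_trippers.go:1]     Authorization: Bearer <masked>',
]
```

Any token that `scan` finds in retained logs should be treated as exposed and rotated; pass `threshold=4` to `risky_verbosity` to cover the range CVE-2019-11250 was assigned for.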
This issue has been addressed in the following products:
Red Hat OpenShift Container Storage 4.7.0 on RHEL-8
Via RHSA-2021:2041 https://access.redhat.com/errata/RHSA-2021:2041
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8565
This issue has been addressed in the following products:
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8
Via RHSA-2021:5085 https://access.redhat.com/errata/RHSA-2021:5085
This issue has been addressed in the following products:
Red Hat OpenShift Data Foundation 4.9.0 on RHEL-8
Via RHSA-2021:5086 https://access.redhat.com/errata/RHSA-2021:5086