In Kubernetes, if the logging level is to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like `kubectl`.
Previously, CVE-2019-11250 was assigned for the same issue for logging levels of at least 4.
Name: the Kubernetes Product Security Committee
Upstream: Patrick Rhomberg (purelyapplied)
This issue has been addressed in the following products:
Red Hat OpenShift Container Storage 4.7.0 on RHEL-8
Via RHSA-2021:2041 https://access.redhat.com/errata/RHSA-2021:2041
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):