In Kubernetes, if the logging level is set to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like `kubectl`, or other components that use registry credentials in a docker config file.
Upstream Fix: https://github.com/kubernetes/kubernetes/pull/94712
Acknowledgments:
Name: the Kubernetes Product Security Committee
Upstream: Nikolaos Moraitis (Red Hat)
External References:
https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
https://github.com/kubernetes/kubernetes/issues/95622
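The logging pattern described in the flaw summary above, as an added illustration in Go (not the Kubernetes code and not the upstream fix). The `parse` function, its `v` and `redact` parameters, the log messages and the sample config with a fake credential are all constructed for this example; it shows a malformed config reaching the log at level 4, and a redacted variant that records only the input size and error type.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"log"
	"strings"
)

// dockerConfig models only the "auths" map of a docker config file.
type dockerConfig struct {
	Auths map[string]struct {
		Auth string `json:"auth"`
	} `json:"auths"`
}

// parse decodes a docker config. v stands in for the -v log level. With
// redact=false a parse failure at v >= 4 logs the raw contents (the flawed
// pattern); with redact=true only the size and the error's Go type are logged.
func parse(l *log.Logger, v int, redact bool, contents []byte) (*dockerConfig, error) {
	var cfg dockerConfig
	err := json.Unmarshal(contents, &cfg)
	if err == nil {
		return &cfg, nil
	}
	if v >= 4 && !redact {
		l.Printf("failed to parse docker config %q: %v", contents, err)
	} else if v >= 4 {
		l.Printf("failed to parse docker config: %d bytes, error type %T", len(contents), err)
	}
	return nil, fmt.Errorf("malformed docker config (%d bytes)", len(contents))
}

// Constructed sample: fake credential, final closing brace missing.
const sample = `{"auths":{"registry.example.com":{"auth":"ZmFrZTpzZWNyZXQ="}}`
const secret = "ZmFrZTpzZWNyZXQ="

// leaks reports whether the credential reached the captured log output.
func leaks(v int, redact bool) bool {
	var buf bytes.Buffer
	_, _ = parse(log.New(&buf, "", 0), v, redact, []byte(sample))
	return strings.Contains(buf.String(), secret)
}

func main() {
	fmt.Println(leaks(4, false), leaks(3, false), leaks(4, true))
}
```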
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2020:4297 https://access.redhat.com/errata/RHSA-2020:4297
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-8564
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2020:5259 https://access.redhat.com/errata/RHSA-2020:5259
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.5 Via RHSA-2020:5359 https://access.redhat.com/errata/RHSA-2020:5359
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2021:0172 https://access.redhat.com/errata/RHSA-2021:0172
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.6 Via RHSA-2021:0171 https://access.redhat.com/errata/RHSA-2021:0171
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.4 Via RHSA-2021:0281 https://access.redhat.com/errata/RHSA-2021:0281
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 3.11 Via RHSA-2021:3193 https://access.redhat.com/errata/RHSA-2021:3193