{
  "threat_severity" : "Moderate",
  "public_date" : "2020-10-14T00:00:00Z",
  "bugzilla" : {
    "description" : "kubernetes: Docker config secrets leaked when file is malformed and loglevel >= 4",
    "id" : "1886637",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1886637"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.3",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-117",
  "details" : [ "In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.", "A flaw was found in kubernetes. In Kubernetes, if the logging level is set to at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This can occur with client tools like `kubectl`, or other components that use registry credentials in a docker config file." ],
  "acknowledgement" : "Red Hat would like to thank the Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Nikolaos Moraitis (Red Hat) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "release_date" : "2021-08-25T00:00:00Z",
    "advisory" : "RHSA-2021:3193",
    "cpe" : "cpe:/a:redhat:openshift:3.11::el7",
    "package" : "atomic-openshift-0:3.11.501-1.git.0.f8c4746.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.4",
    "release_date" : "2021-02-03T00:00:00Z",
    "advisory" : "RHSA-2021:0281",
    "cpe" : "cpe:/a:redhat:openshift:4.4::el7",
    "package" : "openshift4/ose-docker-builder:v4.4.0-202101261542.p0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2020-12-15T00:00:00Z",
    "advisory" : "RHSA-2020:5359",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift4/ose-docker-builder:v4.5.0-202012050338.p0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2020-10-27T00:00:00Z",
    "advisory" : "RHSA-2020:4297",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el7",
    "package" : "openshift-clients-0:4.6.0-202010081244.p0.git.3794.4743d24.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2021-01-25T00:00:00Z",
    "advisory" : "RHSA-2021:0172",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el7",
    "package" : "openshift-0:4.6.0-202101160934.p0.git.94242.fc5242e.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2020-12-14T00:00:00Z",
    "advisory" : "RHSA-2020:5259",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "openshift4/ose-docker-builder:v4.6.0-202012050130.p0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2021-01-25T00:00:00Z",
    "advisory" : "RHSA-2021:0171",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "openshift4/ose-hyperkube:v4.6.0-202101160934.p0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Not affected",
    "package_name" : "heketi",
    "cpe" : "cpe:/a:redhat:storage:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-8564\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8564\nhttps://github.com/kubernetes/kubernetes/issues/95622\nhttps://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk" ],
  "name" : "CVE-2020-8564",
  "csaw" : false
}