vulnerability

Kubernetes: CVE-2020-8565: Incomplete fix for CVE-2019-11250 allows for token leak in logs

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:P/I:N/A:N)	Dec 7, 2020	Dec 21, 2020	Aug 11, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Dec 7, 2020

Added

Dec 21, 2020

Modified

Aug 11, 2025

Description

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.

Solutions

kubernetes-upgrade-1_17_13kubernetes-upgrade-1_18_10kubernetes-upgrade-1_19_3

References

CVE-2020-8565
https://attackerkb.com/topics/CVE-2020-8565
CWE-532
URL-https://github.com/kubernetes/kubernetes/issues/95623

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today