vulnerability

Kubernetes: CVE-2020-8565: Incomplete fix for CVE-2019-11250 allows for token leak in logs

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:P/I:N/A:N)	Dec 7, 2020	Dec 21, 2020	Apr 17, 2026

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:N/A:N)

Published

Dec 7, 2020

Added

Dec 21, 2020

Modified

Apr 17, 2026

Description

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.3, <= v1.18.10, <= v1.17.13, < v1.20.0-alpha2.

Solutions

kubernetes-upgrade-1_17_13kubernetes-upgrade-1_18_10kubernetes-upgrade-1_19_3

References

CVE-2020-8565
https://attackerkb.com/topics/CVE-2020-8565
CWE-532
EUVD-EUVD-2023-0665
https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-0665
https://github.com/kubernetes/kubernetes/issues/95623

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report