{"vulnerability": "CVE-2020-8565", "sightings": [{"uuid": "3e97c412-fcc9-4a05-80ec-7e4be1280660", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8565", "type": "seen", "source": "https://t.me/k8security/128", "content": "\u041c\u043d\u043e\u0436\u0435\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0441 \u0443\u0442\u0435\u0447\u043a\u043e\u0439 secret \u0434\u0430\u043d\u043d\u044b\u0445 \u043f\u0440\u0438 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u043d\u043e\u043c \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u043c \u043b\u043e\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438\n\n- CVE-2020-8563: \u0423\u0442\u0435\u0447\u043a\u0430 VSphere Cloud \u043a\u0440\u0435\u0434\u043e\u0432 (\u0438\u0437 secret) \u0447\u0435\u0440\u0435\u0437 \u043b\u043e\u0433\u0438 \u043f\u0440\u0438 logLevel >= 4\n- CVE-2020-8564: \u0423\u0442\u0435\u0447\u043a\u0430 pull secrets \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u043a\u0440\u0435\u0434 \u0432 docker \u043a\u043e\u043d\u0444\u0438\u0433 \u0444\u0430\u0439\u043b\u0435 \u0447\u0435\u0440\u0435\u0437 \u043b\u043e\u0433\u0438 \u043f\u0440\u0438 loglevel >= 4\n- CVE-2020-8565: \u0423\u0442\u0435\u0447\u043a\u0430 Kubernetes authorization tokens (\u0432\u043a\u043b\u044e\u0447\u0430\u044f bearer tokens \u0438 basic auth) \u0438\u0437-\u0437\u0430 \u043d\u0435\u043f\u043e\u043b\u043d\u043e\u0433\u043e \u0444\u0438\u043a\u0441\u0430 CVE-2019-11250 \u0447\u0435\u0440\u0435\u0437 \u043b\u043e\u0433\u0438 \u043f\u0440\u0438 logLevel >= 9\n- CVE-2020-8566: \u0423\u0442\u0435\u0447\u043a\u0430 Ceph RBD Admin secrets \u0447\u0435\u0440\u0435\u0437 \u043b\u043e\u0433\u0438 \u043f\u0440\u0438 loglevel >= 4  \n\n\u0414\u0435\u0442\u0430\u043b\u044c\u043d\u044b\u0439 \u043e\u0431\u0437\u043e\u0440 CVE-2020-8563 \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0442\u0443\u0442.\n\n\u041a\u043e\u043d\u0435\u0447\u043d\u043e, \u0443 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0435\u0433\u043e \u0434\u043e\u043b\u0436\u043d\u0430 \u0431\u044b\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0447\u0438\u0442\u0430\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0439 \u043b\u043e\u0433 =)", "creation_timestamp": "2020-10-19T07:56:11.000000Z"}, {"uuid": "7e78a56a-97c4-435d-a26e-0efc8be4d359", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-8565", "type": "seen", "source": "https://t.me/cibsecurity/17221", "content": "\u203c CVE-2020-8565 \u203c\n\nIn Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-08T00:30:21.000000Z"}]}