Improper Output Neutralization for Logs Affecting k8s.io/kubernetes/pkg/volume/rbd package, versions <1.20.0-alpha.2


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.05% (20th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-GOLANG-K8SIOKUBERNETESPKGVOLUMERBD-1018858
  • published16 Oct 2020
  • disclosed14 Oct 2020
  • creditUnknown

Introduced: 14 Oct 2020

CVE-2020-8566  (opens in a new tab)
CWE-117  (opens in a new tab)

How to fix?

Upgrade k8s.io/kubernetes/pkg/volume/rbd to version 1.20.0-alpha.2 or higher.

Overview

k8s.io/kubernetes/pkg/volume/rbd is an a package that contains the internal representation of Rados Block Store (Ceph) volumes.

Affected versions of this package are vulnerable to Improper Output Neutralization for Logs. Ceph RBD adminSecrets exposed in logs when loglevel >= 4

CVSS Scores

version 3.1