Information Exposure Through Log Files Affecting spark-operator package, versions <1.1.27-r17


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.05% (20th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Information Exposure Through Log Files vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-WOLFILATEST-SPARKOPERATOR-6252289
  • published17 Feb 2024
  • disclosed7 Dec 2020

Introduced: 7 Dec 2020

CVE-2020-8564  (opens in a new tab)
CWE-532  (opens in a new tab)

How to fix?

Upgrade Wolfi spark-operator to version 1.1.27-r17 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream spark-operator package and not the spark-operator package as distributed by Wolfi. See How to fix? for Wolfi relevant fixed versions and status.

In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13.

CVSS Scores

version 3.1