In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.

Affected Packages

Go github.com/kubernetes/kubernetes

Affected versions: 0 (fixed in 1.19.3)

Related CVEs

CVE-2020-8563

Key Information

GHSA ID

GHSA-5xfg-wv98-264m

Published

April 24, 2024 8:02 PM

Last Modified

April 24, 2024 8:02 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

github.com/kubernetes/kubernetes

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 24, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.