In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, < v1.20.0-alpha2.

Affected Packages

Go k8s.io/client-go

Affected versions: 0.19.0 (fixed in 0.19.6)

Go k8s.io/client-go

Affected versions: 0.20.0-alpha.0 (fixed in 0.20.0-alpha.2)

Go k8s.io/client-go

Affected versions: 0.18.0 (fixed in 0.18.14)

Go k8s.io/client-go

Affected versions: 0 (fixed in 0.17.16)

Go k8s.io/kubernetes

Affected versions: 0 (fixed in 1.20.0-alpha.2)

Related CVEs

CVE-2020-8565

Key Information

GHSA ID

GHSA-8cfg-vx93-jvxw

Published

February 6, 2023 11:27 PM

Last Modified

May 20, 2024 7:48 PM

CVSS Score

5.0 /10

Primary Ecosystem

Primary Package

k8s.io/client-go

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.