Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-csq4-589g-qfa4
Summary
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects <= v1.19.5, <= v1.18.13, <= v1.17.15, < v1.20.0-alpha2.
Aliases
0
alias CVE-2020-8565
1
alias GHSA-8cfg-vx93-jvxw
Fixed_packages
0
url pkg:deb/debian/kubernetes@1.20.0-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.0-1%3Fdistro=trixie
1
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42kp-8t9h-dfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1%3Fdistro=trixie
2
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1.1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
purl pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.32.3%252Bds-2%3Fdistro=trixie
4
url pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.33.4%252Bds-1%3Fdistro=trixie
5
url pkg:golang/k8s.io/client-go@0.17.16
purl pkg:golang/k8s.io/client-go@0.17.16
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/client-go@0.17.16
6
url pkg:golang/k8s.io/client-go@0.18.14
purl pkg:golang/k8s.io/client-go@0.18.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/client-go@0.18.14
7
url pkg:golang/k8s.io/client-go@0.19.6
purl pkg:golang/k8s.io/client-go@0.19.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/client-go@0.19.6
8
url pkg:golang/k8s.io/client-go@0.20.0-alpha.2
purl pkg:golang/k8s.io/client-go@0.20.0-alpha.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/client-go@0.20.0-alpha.2
9
url pkg:golang/k8s.io/kubernetes@1.20.0-alpha.2
purl pkg:golang/k8s.io/kubernetes@1.20.0-alpha.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.20.0-alpha.2
Affected_packages
0
url pkg:rpm/redhat/mcg@5.9.0-28.61dcf87.5.9?arch=el8
purl pkg:rpm/redhat/mcg@5.9.0-28.61dcf87.5.9?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-35du-rm88-k7bw
1
vulnerability VCID-5wtx-278c-nycq
2
vulnerability VCID-ayxa-s9j4-k7hd
3
vulnerability VCID-csq4-589g-qfa4
4
vulnerability VCID-z1ct-cecz-mqer
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mcg@5.9.0-28.61dcf87.5.9%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8565.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8565.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8565
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18283
published_at 2026-04-21T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18257
published_at 2026-04-18T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18244
published_at 2026-04-16T12:55:00Z
3
value 0.00058
scoring_system epss
scoring_elements 0.183
published_at 2026-04-13T12:55:00Z
4
value 0.00058
scoring_system epss
scoring_elements 0.18399
published_at 2026-04-11T12:55:00Z
5
value 0.00058
scoring_system epss
scoring_elements 0.184
published_at 2026-04-09T12:55:00Z
6
value 0.00058
scoring_system epss
scoring_elements 0.18348
published_at 2026-04-08T12:55:00Z
7
value 0.00058
scoring_system epss
scoring_elements 0.18265
published_at 2026-04-07T12:55:00Z
8
value 0.00058
scoring_system epss
scoring_elements 0.18557
published_at 2026-04-04T12:55:00Z
9
value 0.00058
scoring_system epss
scoring_elements 0.18503
published_at 2026-04-02T12:55:00Z
10
value 0.00058
scoring_system epss
scoring_elements 0.18351
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8565
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8565
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8565
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/kubernetes/client-go
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/client-go
5
reference_url https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/client-go/commit/19875a3d5a2e0d4f51c976a9e0662de3c2c011e3
6
reference_url https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/client-go/commit/1b8383fc150c9b816b0072032cca75754c2734d0
7
reference_url https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/client-go/commit/44e1a07f2d513e375c4b6ee6e890040b47befe86
8
reference_url https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/client-go/commit/e8f871a2e5fadf90fc114565abc0963967f1a373
9
reference_url https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/e99df0e5a75eb6e86123b56d53e9b7ca0fd00419
10
reference_url https://github.com/kubernetes/kubernetes/issues/95623
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/95623
11
reference_url https://github.com/kubernetes/kubernetes/pull/95316
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/pull/95316
12
reference_url https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8565
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8565
14
reference_url https://pkg.go.dev/vuln/GO-2021-0064
reference_id
reference_type
scores
0
value 4.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2021-0064
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1886638
reference_id 1886638
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1886638
16
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972649
reference_id 972649
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972649
17
reference_url https://access.redhat.com/errata/RHSA-2021:2041
reference_id RHSA-2021:2041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2041
18
reference_url https://access.redhat.com/errata/RHSA-2021:5085
reference_id RHSA-2021:5085
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5085
19
reference_url https://access.redhat.com/errata/RHSA-2021:5086
reference_id RHSA-2021:5086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5086
Weaknesses
0
cwe_id 532
name Insertion of Sensitive Information into Log File
description Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information.
1
cwe_id 117
name Improper Output Neutralization for Logs
description The product does not neutralize or incorrectly neutralizes output that is written to logs.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-csq4-589g-qfa4