CVE-2026-34487
Apache · Tomcat
The cloud membership component of Apache Tomcat contains a vulnerability that inadvertently logs sensitive Kubernetes bearer tokens, leading to potential unauthorized access.
Executive summary
An information disclosure vulnerability in the Apache Tomcat cloud membership component exposes Kubernetes bearer tokens in log files, creating a high risk of credential theft.
Vulnerability
This is an "Insertion of Sensitive Information into Log File" weakness (CWE-532). The cloud membership provider that Tomcat clustering uses to discover peer members through the Kubernetes API mishandles the bearer token it authenticates with, writing it in cleartext to the application or system logs. The token is written during normal operation, so no attacker interaction with Tomcat is needed: anyone with read access to the logs, including log shippers, SIEM indexes and backups, obtains a live credential.
Business impact
Exposure of a Kubernetes bearer token gives an attacker a credential that the API server accepts as the Tomcat pod's service account. What that buys depends on the RBAC bound to that service account: pod discovery for clustering needs only to list pods in the pod's own namespace, but if the account was granted broader rights the leak can become full cluster compromise, with privilege escalation and lateral movement across workloads. With a CVSS score of 7.5 (High), this flaw presents a severe risk to containerized environments.
Remediation
Immediate Action: Update Apache Tomcat to a version the vendor has fixed and rotate every token that may have been logged. Restarting Tomcat does not invalidate a leaked token; rotation has to happen on the Kubernetes side (delete the Secret for legacy Secret-based tokens; treat time-bound projected tokens as live until their exp claim passes or the pod they are bound to is deleted).
Proactive Monitoring: Service account tokens are JWTs, so search local logs, shipped logs, SIEM indexes and backups for three dot-separated base64url segments beginning with "eyJ", decode the payload to learn which service account leaked, and then review Kubernetes audit logs for API calls made with that identity from unexpected sources.
Compensating Controls: Apply log masking or redaction before logs reach persistent storage or the aggregation platform, restrict read access to logs, and bind the Tomcat pod's service account to the minimal RBAC the membership provider needs so that a leaked token is namespace-scoped rather than cluster-wide.
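The scan-and-redact step described above, as an added example that is not part of this advisory or of Apache Tomcat. It assumes only that the leaked credential is a JWT-shaped Kubernetes service account token; the real Tomcat message format is not given in the advisory, so the sample log lines and the tokens in them are constructed here, and the scanner looks for a token anywhere in a line.

```python
"""Find and redact leaked Kubernetes service-account tokens in log lines.

Added example for CVE-2026-34487, not Apache Tomcat code. Tokens and log
lines below are constructed; the signature is deliberately invalid.
"""
import base64
import json
import re
from typing import Dict, List, Optional, Tuple

# Unpadded base64url JWT: header.payload.signature. A JSON header such as
# {"alg":"RS256","typ":"JWT"} always encodes to a string starting "eyJ".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")
REDACTED = "[REDACTED-JWT]"


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_claims(token: str) -> Optional[Dict]:
    """Unverified decode of the payload; None if the match is not a JWT."""
    try:
        claims = json.loads(_b64url_decode(token.split(".")[1]))
    except (ValueError, IndexError):  # bad base64, bad UTF-8 or bad JSON
        return None
    return claims if isinstance(claims, dict) else None


def service_account(sub: str) -> Optional[Tuple[str, str]]:
    """Split 'system:serviceaccount:<namespace>:<name>' into its parts."""
    parts = sub.split(":")
    if len(parts) == 4 and parts[:2] == ["system", "serviceaccount"]:
        return parts[2], parts[3]
    return None


def classify(claims: Dict) -> str:
    """'serviceaccount' for legacy Secret-based or bound/projected Kubernetes
    service-account tokens, 'jwt' for any other token."""
    if service_account(str(claims.get("sub", ""))):
        return "serviceaccount"
    if any(k == "kubernetes.io" or k.startswith("kubernetes.io/") for k in claims):
        return "serviceaccount"
    return "jwt"


def scan_lines(lines: List[str]) -> List[Dict]:
    """One finding per JWT: line number, kind, issuer, subject, the service
    account to rotate (if any) and a redacted copy of the line."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        for match in JWT_RE.finditer(line):
            claims = decode_claims(match.group(0))
            if claims is None:
                continue  # looks like a JWT but is not one
            sub = str(claims.get("sub", ""))
            findings.append({
                "line": lineno,
                "kind": classify(claims),
                "issuer": claims.get("iss"),
                "subject": sub or None,
                "service_account": service_account(sub),
                "redacted": JWT_RE.sub(REDACTED, line),
            })
    return findings


def make_token(claims: Dict) -> str:
    """Constructed JWT with an invalid signature, for the sample lines only."""
    header = _b64url_encode(b'{"alg":"RS256","typ":"JWT"}')
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header}.{payload}.{_b64url_encode(b'constructed-signature-not-valid')}"


LEGACY_TOKEN = make_token({  # shape of a legacy Secret-based SA token
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "default",
    "kubernetes.io/serviceaccount/service-account.name": "tomcat",
    "sub": "system:serviceaccount:default:tomcat",
})
BOUND_TOKEN = make_token({  # shape of a bound/projected SA token
    "iss": "https://kubernetes.default.svc.cluster.local",
    "sub": "system:serviceaccount:default:tomcat",
    "kubernetes.io": {"namespace": "default", "pod": {"name": "tomcat-0"}},
})
OTHER_JWT = make_token({"iss": "https://sso.example.internal", "sub": "alice"})

SAMPLE_LOG_LINES = [  # constructed; not real Tomcat output
    "12-Mar-2026 10:15:02.113 FINE [Catalina-utility-1] membership.cloud "
    f"GET /api/v1/namespaces/default/pods Authorization: Bearer {LEGACY_TOKEN}",
    f"12-Mar-2026 10:15:02.114 FINE [Catalina-utility-1] membership.cloud Authorization: Bearer {BOUND_TOKEN}",
    f"12-Mar-2026 10:15:03.001 INFO [http-nio-8080-exec-3] app.Login user session jwt={OTHER_JWT}",
    "12-Mar-2026 10:15:03.002 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [1234] ms",
    "12-Mar-2026 10:15:04.000 WARN [main] app.Trace request id eyJunkNotAToken.stillNotAToken.butMatchesShape",
]

if __name__ == "__main__":
    for finding in scan_lines(SAMPLE_LOG_LINES):
        print(finding["line"], finding["kind"], finding["service_account"])
        print("   ", finding["redacted"])
```

The subject claim of each finding names the exact service account whose token must be rotated, and the issuer distinguishes legacy Secret-based tokens from bound ones, which matters because the two are revoked differently. Run the same function over shipped logs and SIEM exports, not only the local files; the redacted copy is what should be kept if a sample of the affected lines has to be retained for the incident record.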
Exploitation status
Public Exploit Available: false
Analyst recommendation
The exposure of cluster credentials is a critical security event. Administrators must prioritize updating the affected Tomcat instances, rotate the service account tokens those instances used, and audit the whole logging pipeline (local files, log shippers, SIEM indexes, backups) to confirm whether tokens were stored or indexed by systems outside the intended trust boundary.