Moderate severityNVD Advisory· Published Jul 22, 2020· Updated Sep 16, 2024

Privilege escalation from compromised node to cluster

CVE-2020-8559

Description

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
k8s.io/apimachineryGo	< 0.16.13	0.16.13
k8s.io/apimachineryGo	>= 0.17.0, < 0.17.9	0.17.9
k8s.io/apimachineryGo	>= 0.18.0, < 0.18.7	0.18.7
k8s.io/kubernetesGo	< 1.16.13	1.16.13
k8s.io/kubernetesGo	>= 1.17.0, < 1.17.9	1.17.9
k8s.io/kubernetesGo	>= 1.18.0, < 1.18.7	1.18.7

Affected products

Kubernetes/Kubernetesv5
Range: 1.6

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-33c5-9fx5-fvjmghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-8559ghsaADVISORY
bugzilla.redhat.com/show_bug.cgighsaWEB
github.com/kubernetes/kubernetes/issues/92914ghsax_refsource_MISCWEB
github.com/kubernetes/kubernetes/pull/92941ghsaWEB
groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJghsax_refsource_MISCWEB
groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROsghsaWEB
security.netapp.com/advisory/ntap-20200810-0004ghsaWEB
security.netapp.com/advisory/ntap-20200810-0004/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.041
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000