Vulnerability Description
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | Kubernetes | >= 1.6.0, <= 1.15.0 |
Related Weaknesses (CWE)
References
- https://github.com/kubernetes/kubernetes/issues/92914ExploitIssue TrackingPatch
- https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wExploitThird Party Advisory
- https://security.netapp.com/advisory/ntap-20200810-0004/Third Party Advisory
- https://github.com/kubernetes/kubernetes/issues/92914ExploitIssue TrackingPatch
- https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wExploitThird Party Advisory
- https://security.netapp.com/advisory/ntap-20200810-0004/Third Party Advisory
FAQ
What is CVE-2020-8559?
CVE-2020-8559 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an atta...
How severe is CVE-2020-8559?
CVE-2020-8559 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8559?
Check the references section above for vendor advisories and patch information. Affected products include: Kubernetes Kubernetes.