CVE-2020-8555
published 2020-06-05CVE-2020-8555: The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side…
PriorityP341medium6.3CVSS 3.1
AVNACHPRLUINSCCHINAN
EPSS
3.68%
88.3th percentile
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
Affected
28 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | < kubernetes 1.20.5+really1.20.2-1 (bookworm) | kubernetes 1.20.5+really1.20.2-1 (bookworm) |
| debian | kubernetes | < kubernetes 1.18.2-1 (bookworm) | kubernetes 1.18.2-1 (bookworm) |
| fedoraproject | fedora | — | — |
| k8s.io | kubernetes | >= 0 < 1.15.12 | 1.15.12 |
| k8s.io | kubernetes | 0 – 1.18.19 | — |
| k8s.io | kubernetes | >= 1.16.0 < 1.16.9 | 1.16.9 |
| k8s.io | kubernetes | >= 1.17.0 < 1.17.4 | 1.17.4 |
| k8s.io | kubernetes | >= 1.18.0 < 1.18.1 | 1.18.1 |
| k8s.io | kubernetes | 1.19.0 – 1.19.11 | — |
| k8s.io | kubernetes | 1.20.0 – 1.20.7 | — |
| k8s.io | kubernetes | 1.21.0 – 1.21.1 | — |
| kubernetes | kubernetes | < * | * |
| kubernetes | kubernetes | < 1.15.11 | 1.15.11 |
| kubernetes | kubernetes | <= 1.18.18 | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.18.2-1 | 1.18.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.18.2-1 | 1.18.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.18.2-1 | 1.18.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.18.2-1 | 1.18.2-1 |
| kubernetes | kubernetes | >= 1.16.0 < 1.16.9 | 1.16.9 |
CVSS provenance
nvdv3.16.3MEDIUMCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:P/I:N/A:N
ghsa6.3MEDIUM
osv6.3MEDIUM
vendor_debian6.3MEDIUM
vendor_redhat6.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kubernetes: Bypass of Kubernetes API Server proxy TOCTOU
vendor_redhat·2021-05-04·CVSS 6.3
CVE-2020-8562 [MEDIUM] CWE-367 kubernetes: Bypass of Kubernetes API Server proxy TOCTOU
kubernetes: Bypass of Kubernetes API Server proxy TOCTOU
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.
A security issue was discovered in Kubern
Red Hat
kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
vendor_redhat·2020-06-01·CVSS 6.3
CVE-2020-8555 [MEDIUM] CWE-200 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the kube-apiserv
Debian
CVE-2020-8562: kubernetes - As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to p...
vendor_debian·2020·CVSS 6.3
CVE-2020-8562 [MEDIUM] CVE-2020-8562: kubernetes - As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to p...
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.
Scope: local
bookworm: resolved (fixed in 1.20.5+really1.20.2-1)
bullseye: resolved (fixed in 1.20.5
Debian
CVE-2020-8555: kubernetes - The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to ...
vendor_debian·2020·CVSS 6.3
CVE-2020-8555 [MEDIUM] CVE-2020-8555: kubernetes - The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to ...
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
Scope: local
bookworm: resolved (fixed in 1.18.2-1)
bullseye: resolved (fixed in 1.18.2-1)
forky: resolved (fixed in 1.18.2-1)
sid: resolved (fixed in 1.18.2-1)
trixie: resolved (fixed in 1.18.2-1)
OSV
Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
osv·2024-08-21
CVE-2020-8555 Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
Server Side Request Forgery (SSRF) in Kubernetes in k8s.io/kubernetes
OSV
Server Side Request Forgery (SSRF) in Kubernetes
osv·2022-02-15
CVE-2020-8555 [MEDIUM] Server Side Request Forgery (SSRF) in Kubernetes
Server Side Request Forgery (SSRF) in Kubernetes
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
GHSA
Server Side Request Forgery (SSRF) in Kubernetes
ghsa·2022-02-15
CVE-2020-8555 [MEDIUM] CWE-918 Server Side Request Forgery (SSRF) in Kubernetes
Server Side Request Forgery (SSRF) in Kubernetes
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
OSV
Potential proxy IP restriction bypass in Kubernetes
osv·2022-02-02·CVSS 6.3
CVE-2020-8562 [MEDIUM] Potential proxy IP restriction bypass in Kubernetes
Potential proxy IP restriction bypass in Kubernetes
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane. All versions of Kubernetes are impacted, and th
GHSA
Potential proxy IP restriction bypass in Kubernetes
ghsa·2022-02-02·CVSS 6.3
CVE-2020-8562 [MEDIUM] CWE-367 Potential proxy IP restriction bypass in Kubernetes
Potential proxy IP restriction bypass in Kubernetes
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane. All versions of Kubernetes are impacted, and th
OSV
CVE-2020-8562: As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost netw
osv·2022-02-01·CVSS 6.3
CVE-2020-8562 [MEDIUM] CVE-2020-8562: As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost netw
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.
OSV
CVE-2020-8555: The Kubernetes kube-controller-manager in versions v1
osv·2020-06-05·CVSS 6.3
CVE-2020-8555 [MEDIUM] CVE-2020-8555: The Kubernetes kube-controller-manager in versions v1
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2020-8555 origin: kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information [fedora-all]
bugzilla·2020-06-01·CVSS 6.3
CVE-2020-8555 [MEDIUM] CVE-2020-8555 origin: kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information [fedora-all]
CVE-2020-8555 origin: kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpk
Bugzilla
CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
bugzilla·2020-04-07·CVSS 6.3
CVE-2020-8555 [MEDIUM] CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
CVE-2020-8555 kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information
There exists a Server Side Request Forgery (SSRF) vulnerability in
kube-controller-manager that allows certain authorized users to leak up to
500 bytes of arbitrary information from the master's host network,
including secrets from the kube-apiserver through the unauthenticated
localhost port (if enabled).
An attacker with permissions to create a pod with certain built-in Volume
types (GlusterFS, Quobyte, StorageFS, ScaleIO) or permissions to create a
StorageClass can cause kube-controller-manager to make GET requests or POST
requests without an attacker controlled request body from the master's host
network.
Discussion:
Statement:
OpenShift Container Platfor
http://www.openwall.com/lists/oss-security/2020/06/01/4http://www.openwall.com/lists/oss-security/2021/05/04/8https://github.com/kubernetes/kubernetes/issues/91542https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussionhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/https://security.netapp.com/advisory/ntap-20200724-0005/http://www.openwall.com/lists/oss-security/2020/06/01/4http://www.openwall.com/lists/oss-security/2021/05/04/8https://github.com/kubernetes/kubernetes/issues/91542https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussionhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/https://security.netapp.com/advisory/ntap-20200724-0005/
2020-06-05
Published