CVE-2020-8559
published 2020-07-22CVE-2020-8559: The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied…
PriorityP335medium6.8CVSS 3.1
AVNACLPRHUIRSUCHIHAH
EPSS
6.10%
92.5th percentile
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
Affected
29 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | < kubernetes 1.18.5-1 (bookworm) | kubernetes 1.18.5-1 (bookworm) |
| k8s.io | apimachinery | >= 0 < 0.16.13 | 0.16.13 |
| k8s.io | apimachinery | >= 0.17.0 < 0.17.9 | 0.17.9 |
| k8s.io | apimachinery | >= 0.18.0 < 0.18.7-rc.0 | 0.18.7-rc.0 |
| k8s.io | apimachinery | >= 0.18.0 < 0.18.7 | 0.18.7 |
| k8s.io | kubernetes | >= 0 < 1.16.13 | 1.16.13 |
| k8s.io | kubernetes | >= 1.17.0 < 1.17.9 | 1.17.9 |
| k8s.io | kubernetes | >= 1.18.0 < 1.18.7 | 1.18.7 |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | — | — |
| kubernetes | kubernetes | >= 0 < 1.18.5-1 | 1.18.5-1 |
| kubernetes | kubernetes | >= 0 < 1.18.5-1 | 1.18.5-1 |
| kubernetes | kubernetes | >= 0 < 1.18.5-1 | 1.18.5-1 |
| kubernetes | kubernetes | >= 0 < 1.18.5-1 | 1.18.5-1 |
| kubernetes | kubernetes | 1.16 – 1.16.12 | — |
| kubernetes | kubernetes | >= 1.16.0 < 1.16.13 | 1.16.13 |
| kubernetes | kubernetes | 1.17 – 1.17.8 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The attack vector involves an attacker intercepting requests to the Kubelet and sending a crafted redirect response that is followed by the kube-apiserver client using the original request's credentials, enabling privilege escalation from a compromised node to full cluster compromise. ↗
- →Focus detection on unvalidated/unexpected HTTP redirect responses (3xx) returned by a Kubelet node during proxied upgrade requests (e.g., exec, attach, port-forward) handled by kube-apiserver, particularly where the redirect target differs from the expected node endpoint. ↗
- →Monitor for kube-apiserver audit logs showing credential reuse across unexpected endpoints following a redirect from a Kubelet node — this may indicate exploitation where credentials are forwarded to attacker-controlled or unintended cluster endpoints. ↗
- ·No mitigation is known for this vulnerability; patching to fixed versions is the only remediation. Detection/monitoring is the only compensating control. ↗
- ·Deployments using heketi (Red Hat Gluster Storage 3) are not affected because heketi only uses Kubernetes client-side bits and does not use the kube-apiserver component. ↗
CVSS provenance
nvdv3.16.8MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.0MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.4MEDIUM
vendor_redhat6.4MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
kubernetes: compromised node could escalate to cluster level privileges
vendor_redhat·2020-07-15·CVSS 6.4
CVE-2020-8559 [MEDIUM] CWE-601 kubernetes: compromised node could escalate to cluster level privileges
kubernetes: compromised node could escalate to cluster level privileges
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other endpoints that trust those credentials (including other clusters), allowing for escalation of privileges. The highest threat from this vulnerability is
Debian
CVE-2020-8559: kubernetes - The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.1...
vendor_debian·2020·CVSS 6.4
CVE-2020-8559 [MEDIUM] CVE-2020-8559: kubernetes - The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.1...
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
Scope: local
bookworm: resolved (fixed in 1.18.5-1)
bullseye: resolved (fixed in 1.18.5-1)
forky: resolved (fixed in 1.18.5-1)
sid: resolved (fixed in 1.18.5-1)
trixie: resolved (fixed in 1.18.5-1)
OSV
Privilege Escalation in Kubernetes in k8s.io/apimachinery
osv·2024-05-20
CVE-2020-8559 Privilege Escalation in Kubernetes in k8s.io/apimachinery
Privilege Escalation in Kubernetes in k8s.io/apimachinery
The Kubernetes kube-apiserver is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
GHSA
Privilege Escalation in Kubernetes
ghsa·2024-04-24
CVE-2020-8559 [MEDIUM] CWE-601 Privilege Escalation in Kubernetes
Privilege Escalation in Kubernetes
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.7 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
OSV
Privilege Escalation in Kubernetes
osv·2024-04-24
CVE-2020-8559 [MEDIUM] Privilege Escalation in Kubernetes
Privilege Escalation in Kubernetes
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.7 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
OSV
CVE-2020-8559: The Kubernetes kube-apiserver in versions v1
osv·2020-07-22·CVSS 6.8
CVE-2020-8559 [MEDIUM] CVE-2020-8559: The Kubernetes kube-apiserver in versions v1
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
No detection rules found.
No public exploits indexed.
arXiv
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
arxiv_fulltext·2024-07-31
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
Microservice Vulnerability Analysis: A Literature Review with Empirical Insights
Raveen Kanishka Jayalath*
University of Adelaide, Australia
[email protected]
Hussain Ahmad* *Authors contributed equally to this work. Corresponding author.
University of Adelaide, Australia
[email protected]
Diksha Goel
CSIRO's Data61, Australia
[email protected]
3cmMuhammad Shuja Syed
3cmSLB, USA
[email protected]
Faheem Ullah
University of Adelaide, Australia
[email protected]
plain
## Abstract
Microservice architectures are revolutionizing both small businesses and large corporations, igniting a new era of innovation with their exceptional advantages in maintainability, reusability, and scalability. However, these benefits come w
Bugzilla
CVE-2020-8559 origin: kubernetes: compromised node could escalate to cluster level privileges [fedora-all]
bugzilla·2020-07-15·CVSS 6.4
CVE-2020-8559 [MEDIUM] CVE-2020-8559 origin: kubernetes: compromised node could escalate to cluster level privileges [fedora-all]
CVE-2020-8559 origin: kubernetes: compromised node could escalate to cluster level privileges [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affect
Bugzilla
CVE-2020-8559 kubernetes: compromised node could escalate to cluster level privileges
bugzilla·2020-06-26·CVSS 6.4
CVE-2020-8559 [MEDIUM] CVE-2020-8559 kubernetes: compromised node could escalate to cluster level privileges
CVE-2020-8559 kubernetes: compromised node could escalate to cluster level privileges
If an attacker is able to intercept certain requests to the Kubelet, they
can send a redirect response that may be followed by a client using the
credentials from the original request. This can lead to compromise of other
nodes.
Discussion:
Statement:
Kubernetes is embedded in the version of heketi shipped with Red Hat Gluster Storage 3. However, it does not use Kubernetes API server part and only uses client side bits. Hence, this flaw does not affect heketi.
---
Acknowledgments:
Name: the Kubernetes Product Security Committee
Upstream: Wouter ter Maat (Offensi)
---
Upstream Issue:
https://github.com/kubernetes/kubernetes/issues/92914
---
Upstream Patch:
https://github.com/kubernetes/kuberne
https://github.com/kubernetes/kubernetes/issues/92914https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJhttps://security.netapp.com/advisory/ntap-20200810-0004/https://github.com/kubernetes/kubernetes/issues/92914https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJhttps://security.netapp.com/advisory/ntap-20200810-0004/
2020-07-22
Published