Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-8559

Summary
Assigner-kubernetes
Assigner Org ID-a6081bf6-c852-4425-ad4f-a67919267565
Published At-22 Jul, 2020 | 13:47
Updated At-16 Sep, 2024 | 17:58
Rejected At-
Credits

Privilege escalation from compromised node to cluster

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:kubernetes
Assigner Org ID:a6081bf6-c852-4425-ad4f-a67919267565
Published At:22 Jul, 2020 | 13:47
Updated At:16 Sep, 2024 | 17:58
Rejected At:
▼CVE Numbering Authority (CNA)
Privilege escalation from compromised node to cluster

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Affected Products
Vendor
KubernetesKubernetes
Product
Kubernetes
Versions
Affected
  • 1.6
  • 1.7
  • 1.8
  • 1.9
  • 1.10
  • 1.11
  • 1.12
  • 1.13
  • 1.14
  • 1.15
  • From 1.16 through 1.16.12 (custom)
  • From 1.17 through 1.17.8 (custom)
  • From 1.18 through 1.18.5 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-601CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Type: CWE
CWE ID: CWE-601
Description: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Metrics
VersionBase scoreBase severityVector
3.16.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Wouter ter Maat of Offensi
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ
x_refsource_MISC
https://github.com/kubernetes/kubernetes/issues/92914
x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200810-0004/
x_refsource_CONFIRM
Hyperlink: https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ
Resource:
x_refsource_MISC
Hyperlink: https://github.com/kubernetes/kubernetes/issues/92914
Resource:
x_refsource_MISC
Hyperlink: https://security.netapp.com/advisory/ntap-20200810-0004/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ
x_refsource_MISC
x_transferred
https://github.com/kubernetes/kubernetes/issues/92914
x_refsource_MISC
x_transferred
https://security.netapp.com/advisory/ntap-20200810-0004/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/kubernetes/kubernetes/issues/92914
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20200810-0004/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:jordan@liggitt.net
Published At:22 Jul, 2020 | 14:15
Updated At:27 Jan, 2023 | 20:34

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Secondary3.16.4MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Primary2.06.0MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 6.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 6.0
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P
CPE Matches
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.6.0(inclusive) to 1.15.0(inclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.16.0(inclusive) to 1.16.13(exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.17.0(inclusive) to 1.17.9(exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.18.0(inclusive) to 1.18.6(exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-601Primarynvd@nist.gov
CWE-601Secondaryjordan@liggitt.net
CWE ID: CWE-601
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-601
Type: Secondary
Source: jordan@liggitt.net
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/kubernetes/kubernetes/issues/92914jordan@liggitt.net
Exploit
Issue Tracking
Patch
Third Party Advisory
https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJjordan@liggitt.net
Exploit
Third Party Advisory
https://security.netapp.com/advisory/ntap-20200810-0004/jordan@liggitt.net
Third Party Advisory
Hyperlink: https://github.com/kubernetes/kubernetes/issues/92914
Source: jordan@liggitt.net
Resource:
Exploit
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ
Source: jordan@liggitt.net
Resource:
Exploit
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20200810-0004/
Source: jordan@liggitt.net
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2020-8554
Matching Score-8
Assigner-Kubernetes
ShareView Details
Matching Score-8
Assigner-Kubernetes
CVSS Score-6.3||MEDIUM
EPSS-24.78% / 95.93%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 17:09
Updated-17 Sep, 2024 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubernetes man in the middle using LoadBalancer or ExternalIPs

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

Action-Not Available
Vendor-Oracle CorporationKubernetes
Product-kubernetescommunications_cloud_native_core_service_communication_proxycommunications_cloud_native_core_policycommunications_cloud_native_core_network_slice_selection_functionKubernetes
CWE ID-CWE-283
Unverified Ownership
CVE-2022-2385
Matching Score-8
Assigner-Kubernetes
ShareView Details
Matching Score-8
Assigner-Kubernetes
CVSS Score-8.1||HIGH
EPSS-0.31% / 53.41%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 14:25
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AccessKeyID validation bypass

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.

Action-Not Available
Vendor-Kubernetes
Product-aws-iam-authenticatoraws-iam-authenticator
CWE ID-CWE-20
Improper Input Validation
CVE-2019-14891
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.32% / 54.13%
||
7 Day CHG~0.00%
Published-25 Nov, 2019 | 10:31
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in cri-o, as a result of all pod-related processes being placed in the same memory cgroup. This can result in container management (conmon) processes being killed if a workload process triggers an out-of-memory (OOM) condition for the cgroup. An attacker could abuse this flaw to get host network access on an cri-o host.

Action-Not Available
Vendor-n/aFedora ProjectRed Hat, Inc.Kubernetes
Product-cri-oopenshift_container_platformfedoracri-o
CWE ID-CWE-460
Improper Cleanup on Thrown Exception
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2018-1002102
Matching Score-6
Assigner-Kubernetes
ShareView Details
Matching Score-6
Assigner-Kubernetes
CVSS Score-2.6||LOW
EPSS-0.28% / 51.25%
||
7 Day CHG~0.00%
Published-05 Dec, 2019 | 16:05
Updated-17 Sep, 2024 | 00:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubernetes API server follows unvalidated redirects from streaming Kubelet endpoints

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.

Action-Not Available
Vendor-Fedora ProjectKubernetes
Product-kubernetesfedoraKubernetes
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2021-25737
Matching Score-6
Assigner-Kubernetes
ShareView Details
Matching Score-6
Assigner-Kubernetes
CVSS Score-2.7||LOW
EPSS-0.55% / 66.82%
||
7 Day CHG~0.00%
Published-06 Sep, 2021 | 11:32
Updated-16 Sep, 2024 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Holes in EndpointSlice Validation Enable Host Network Hijack

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.

Action-Not Available
Vendor-Kubernetes
Product-kubernetesKubernetes
CWE ID-CWE-184
Incomplete List of Disallowed Inputs
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2023-0748
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.4||MEDIUM
EPSS-0.26% / 48.93%
||
7 Day CHG~0.00%
Published-08 Feb, 2023 | 00:00
Updated-25 Mar, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open Redirect in btcpayserver/btcpayserver

Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.

Action-Not Available
Vendor-btcpayserverbtcpayserver
Product-btcpayserverbtcpayserver/btcpayserver
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Details not found