{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"status": "affected", "version": "1.6"}, {"status": "affected", "version": "1.7"}, {"status": "affected", "version": "1.8"}, {"status": "affected", "version": "1.9"}, {"status": "affected", "version": "1.10"}, {"status": "affected", "version": "1.11"}, {"status": "affected", "version": "1.12"}, {"status": "affected", "version": "1.13"}, {"status": "affected", "version": "1.14"}, {"status": "affected", "version": "1.15"}, {"lessThanOrEqual": "1.16.12", "status": "affected", "version": "1.16", "versionType": "custom"}, {"lessThanOrEqual": "1.17.8", "status": "affected", "version": "1.17", "versionType": "custom"}, {"lessThanOrEqual": "1.18.5", "status": "affected", "version": "1.18", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Wouter ter Maat of Offensi"}], "datePublic": "2020-07-15T00:00:00", "descriptions": [{"lang": "en", "value": "The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-601", "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-10T11:06:09", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kubernetes/kubernetes/issues/92914"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200810-0004/"}], "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/92914"], "discovery": "EXTERNAL"}, "title": "Privilege escalation from compromised node to cluster", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2020-07-15T16:00:00.000Z", "ID": "CVE-2020-8559", "STATE": "PUBLIC", "TITLE": "Privilege escalation from compromised node to cluster"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"version_affected": "<=", "version_name": "1.16", "version_value": "1.16.12"}, {"version_affected": "<=", "version_name": "1.17", "version_value": "1.17.8"}, {"version_affected": "<=", "version_name": "1.18", "version_value": "1.18.5"}, {"version_name": "1.6", "version_value": "1.6"}, {"version_name": "1.7", "version_value": "1.7"}, {"version_name": "1.8", "version_value": "1.8"}, {"version_name": "1.9", "version_value": "1.9"}, {"version_name": "1.10", "version_value": "1.10"}, {"version_name": "1.11", "version_value": "1.11"}, {"version_name": "1.12", "version_value": "1.12"}, {"version_name": "1.13", "version_value": "1.13"}, {"version_name": "1.14", "version_value": "1.14"}, {"version_name": "1.15", "version_value": "1.15"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "Wouter ter Maat of Offensi"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')"}]}]}, "references": {"reference_data": [{"name": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ", "refsource": "MISC", "url": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ"}, {"name": "https://github.com/kubernetes/kubernetes/issues/92914", "refsource": "MISC", "url": "https://github.com/kubernetes/kubernetes/issues/92914"}, {"name": "https://security.netapp.com/advisory/ntap-20200810-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200810-0004/"}]}, "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/92914"], "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:03:46.331Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kubernetes/kubernetes/issues/92914"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200810-0004/"}]}]}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2020-8559", "datePublished": "2020-07-22T13:47:08.684571Z", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2024-09-16T17:58:15.587Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "43222A9D-6D48-490F-8120-349DCE1C1218", "versionEndIncluding": "1.15.0", "versionStartIncluding": "1.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "FE1EA8C5-2EF4-4462-B693-FE20B3DF75C6", "versionEndExcluding": "1.16.13", "versionStartIncluding": "1.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "CC1FA454-87A3-480C-BB5E-A23086E2EA99", "versionEndExcluding": "1.17.9", "versionStartIncluding": "1.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E4009BA-8220-4B8E-8B4B-1ADA1680DD70", "versionEndExcluding": "1.18.6", "versionStartIncluding": "1.18.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise."}, {"lang": "es", "value": "El Kubernetes kube-apiserver en versiones v1.6-v1.15 y versiones anteriores a v1.16.13, v1.17.9 y v1.18.6, son vulnerables a un redireccionamiento no validado en las peticiones de actualizaci\u00f3n proxy que podr\u00edan permitir a un atacante escalar privilegios desde un compromiso de nodo a un compromiso del cl\u00faster completo"}], "id": "CVE-2020-8559", "lastModified": "2024-11-21T05:39:01.920", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "jordan@liggitt.net", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-07-22T14:15:16.517", "references": [{"source": "jordan@liggitt.net", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/92914"}, {"source": "jordan@liggitt.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200810-0004/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/92914"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200810-0004/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "jordan@liggitt.net", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Wouter ter Maat (Offensi) as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:5363", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-0:3.11.346-1.git.0.ea10721.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-12-16T00:00:00Z"}, {"advisory": "RHSA-2021:0030", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "openshift-0:4.4.0-202012052258.p0.git.0.0fd57a4.el8", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2021-01-13T00:00:00Z"}, {"advisory": "RHSA-2021:0281", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "openshift4/ose-hyperkube:v4.4.0-202101261542.p0", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2021-02-03T00:00:00Z"}, {"advisory": "RHSA-2020:5194", "cpe": "cpe:/a:redhat:openshift:4.5::el7", "package": "openshift4/ose-hyperkube:v4.5.0-202011211036.p0", "product_name": "Red Hat OpenShift Container Platform 4.5", "release_date": "2020-12-01T00:00:00Z"}, {"advisory": "RHBA-2020:4197", "cpe": "cpe:/a:redhat:openshift:4.6::el7", "package": "openshift-0:4.6.0-202010022112.p0.git.94033.ef41184.el8", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2020-10-27T00:00:00Z"}, {"advisory": "RHSA-2020:4298", "cpe": "cpe:/a:redhat:openshift:4.6::el8", "package": "openshift4/ose-hyperkube:v4.6.0-202010081843.p0", "product_name": "Red Hat OpenShift Container Platform 4.6", "release_date": "2020-10-27T00:00:00Z"}], "bugzilla": {"description": "kubernetes: compromised node could escalate to cluster level privileges", "id": "1851422", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851422"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-601", "details": ["The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.", "A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other endpoints that trust those credentials (including other clusters), allowing for escalation of privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability."], "mitigation": {"lang": "en:us", "value": "No mitigation is known."}, "name": "CVE-2020-8559", "package_state": [{"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "openshift4/ose-openshift-apiserver-rhel9", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "heketi", "product_name": "Red Hat Storage 3"}], "public_date": "2020-07-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-8559\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8559\nhttps://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs"], "statement": "Kubernetes is embedded in the version of heketi shipped with Red Hat Gluster Storage 3. However, it does not use Kubernetes API server part and only uses client side bits. Hence, this flaw does not affect heketi.", "threat_severity": "Moderate"}