{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"status": "affected", "version": "1.18.0"}, {"status": "affected", "version": "1.1"}, {"status": "affected", "version": "1.2"}, {"status": "affected", "version": "1.3"}, {"status": "affected", "version": "1.4"}, {"status": "affected", "version": "1.5"}, {"status": "affected", "version": "1.6"}, {"status": "affected", "version": "1.7"}, {"status": "affected", "version": "1.8"}, {"status": "affected", "version": "1.9"}, {"status": "affected", "version": "1.10"}, {"status": "affected", "version": "1.11"}, {"status": "affected", "version": "1.12"}, {"status": "affected", "version": "1.13"}, {"status": "affected", "version": "1.14"}, {"lessThan": "1.15.12", "status": "affected", "version": "1.15", "versionType": "custom"}, {"lessThan": "1.16.9", "status": "affected", "version": "1.16", "versionType": "custom"}, {"lessThan": "1.17.5", "status": "affected", "version": "1.17", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Brice Augras from Groupe-Asten and Christophe Hauquiert from Nokia"}], "descriptions": [{"lang": "en", "value": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services)."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-04T20:06:18", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"name": "[oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"}, {"tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kubernetes/kubernetes/issues/91542"}, {"name": "FEDORA-2020-aeea04cd13", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20200724-0005/"}, {"name": "[oss-security] 20210504 [kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"}], "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/91542"], "discovery": "EXTERNAL"}, "title": "Kubernetes kube-controller-manager SSRF", "workarounds": [{"lang": "en", "value": "Prior to upgrading, this vulnerability can be mitigated by adding endpoint protections on the master or restricting usage of the vulnerable volume types (for example by constraining usage with a PodSecurityPolicy or third-party admission controller such as Gatekeeper) and restricting StorageClass write permissions through RBAC."}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "", "ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "", "ID": "CVE-2020-8555", "STATE": "PUBLIC", "TITLE": "Kubernetes kube-controller-manager SSRF"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"platform": "", "version_affected": "<", "version_name": "1.15", "version_value": "1.15.12"}, {"platform": "", "version_affected": "<", "version_name": "1.16", "version_value": "1.16.9"}, {"platform": "", "version_affected": "<", "version_name": "1.17", "version_value": "1.17.5"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.18.0"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.1"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.2"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.3"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.4"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.5"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.6"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.7"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.8"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.9"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.10"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.11"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.12"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.13"}, {"platform": "", "version_affected": "", "version_name": "", "version_value": "1.14"}]}}]}, "vendor_name": "Kubernetes"}]}}, "configuration": [], "credit": [{"lang": "eng", "value": "Brice Augras from Groupe-Asten and Christophe Hauquiert from Nokia"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services)."}]}, "exploit": [], "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-918 Server-Side Request Forgery (SSRF)"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"}, {"name": "", "refsource": "MLIST", "url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"}, {"name": "https://github.com/kubernetes/kubernetes/issues/91542", "refsource": "CONFIRM", "url": "https://github.com/kubernetes/kubernetes/issues/91542"}, {"name": "FEDORA-2020-aeea04cd13", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"}, {"name": "https://security.netapp.com/advisory/ntap-20200724-0005/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200724-0005/"}, {"name": "[oss-security] 20210504 [kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"}]}, "solution": [], "source": {"advisory": "", "defect": ["https://github.com/kubernetes/kubernetes/issues/91542"], "discovery": "EXTERNAL"}, "work_around": [{"lang": "en", "value": "Prior to upgrading, this vulnerability can be mitigated by adding endpoint protections on the master or restricting usage of the vulnerable volume types (for example by constraining usage with a PodSecurityPolicy or third-party admission controller such as Gatekeeper) and restricting StorageClass write permissions through RBAC."}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T10:03:46.110Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"}, {"tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kubernetes/kubernetes/issues/91542"}, {"name": "FEDORA-2020-aeea04cd13", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20200724-0005/"}, {"name": "[oss-security] 20210504 [kubernetes] CVE-2020-8562: Bypass of Kubernetes API Server proxy TOCTOU", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"}]}]}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2020-8555", "datePublished": "2020-06-04T21:50:11.749943Z", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2024-09-16T18:39:58.006Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BB84B14-8D71-4BEA-90FC-DB76F9A0F781", "versionEndExcluding": "1.15.11", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "111CE2DC-82F8-4AF6-99B6-5BB847A18D95", "versionEndExcluding": "1.16.9", "versionStartIncluding": "1.16.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D5D5658-D416-434A-BA64-74DA2A4F13E2", "versionEndExcluding": "1.17.5", "versionStartIncluding": "1.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.18.0:-:*:*:*:*:*:*", "matchCriteriaId": "AF65B08E-28BD-496F-88AE-CB7271BD7379", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services)."}, {"lang": "es", "value": "El Kubernetes kube-controller-manager en las versiones v1.0-1.14, versiones anteriores a v1.15.12, v1.16.9, v1.17.5 y v1.18.0, son vulnerables a un ataque de tipo Server Side Request Forgery (SSRF) que permite que determinados usuarios autorizados pierdan hasta 500 bytes de informaci\u00f3n arbitraria de endpoints desprotegidos dentro de la red host del maestro (tales como los servicios link-local o loopback)"}], "id": "CVE-2020-8555", "lastModified": "2023-11-07T03:26:37.350", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2020-06-05T17:15:11.640", "references": [{"source": "jordan@liggitt.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/91542"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"}, {"source": "jordan@liggitt.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20200724-0005/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Brice Augras (Groupe-Asten) and Christophe Hauquiert (Nokia) as the original reporters.", "affected_release": [{"advisory": "RHSA-2020:2479", "cpe": "cpe:/a:redhat:openshift:3.11::el7", "package": "atomic-openshift-0:3.11.232-1.git.0.a5bc32f.el7", "product_name": "Red Hat OpenShift Container Platform 3.11", "release_date": "2020-06-18T00:00:00Z"}, {"advisory": "RHSA-2020:2594", "cpe": "cpe:/a:redhat:openshift:4.2::el7", "package": "openshift-0:4.2.36-202006211650.p0.git.0.1fe246f.el8", "product_name": "Red Hat OpenShift Container Platform 4.2", "release_date": "2020-07-01T00:00:00Z"}, {"advisory": "RHSA-2020:2440", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift-0:4.3.25-202006060952.git.1.96c30f6.el8", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHSA-2020:2441", "cpe": "cpe:/a:redhat:openshift:4.3::el7", "package": "openshift4/ose-hyperkube:v4.3.25-202006081335", "product_name": "Red Hat OpenShift Container Platform 4.3", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHSA-2020:2448", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "openshift-0:4.4.0-202006061254.git.1.dc84fb4.el8", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}, {"advisory": "RHSA-2020:2449", "cpe": "cpe:/a:redhat:openshift:4.4::el7", "package": "openshift4/ose-hyperkube:v4.4.0-202006080610", "product_name": "Red Hat OpenShift Container Platform 4.4", "release_date": "2020-06-17T00:00:00Z"}], "bugzilla": {"description": "kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information", "id": "1821583", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821583"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-200", "details": ["The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).", "A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the kube-apiserver through the unauthenticated localhost port (if enabled)."], "mitigation": {"lang": "en:us", "value": "Restrict use of the vulnerable volume type and restrict StorageClass write permissions via RBAC"}, "name": "CVE-2020-8555", "package_state": [{"cpe": "cpe:/a:redhat:openshift_container_storage:4", "fix_state": "Not affected", "package_name": "ocs4/rook-ceph-rhel8-operator", "product_name": "Red Hat Openshift Container Storage 4"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Affected", "impact": "low", "package_name": "heketi", "product_name": "Red Hat Storage 3"}], "public_date": "2020-06-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-8555\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8555\nhttps://groups.google.com/forum/#!topic/kubernetes-security-announce/kEK27tqqs30"], "statement": "OpenShift Container Platform does not expose kube-apiserver through an unauthenticated localhost port. However, other link-local addresses are reachable without authentication that allow an attacker to access sensitive data.\nThe version of heketi shipped with Red Hat Gluster Storage 3 includes the affected client side code for heketi and quobyte volume plugin, however the vulnerable functionality is currently not used by the product and hence this issue has been rated as having a security impact of Low.\nRed Hat Openshift Container Storage 4.2 is not affected by this vulnerability as rook-ceph-operator container does not include support for affected volume plugins(storageos, scaleio, glusterfs, quobyte).", "threat_severity": "Moderate", "upstream_fix": "kube-controller-manager 1.18.1, kube-controller-manager 1.17.5, kube-controller-manager 1.16.9, kube-controller-manager 1.15.12"}