The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: kubernetes
Published: 2020-07-22T13:47:08.684571Z
Updated: 2024-09-16T17:58:15.587Z
Reserved: 2020-02-03T00:00:00
Link: CVE-2020-8559
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-07-22T14:15:16.517
Modified: 2023-01-27T20:34:52.773
Link: CVE-2020-8559
Redhat