CVE-2020-8559

Medium

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated…

kubernetes·CWE-601·Published 2020-07-22

CVSS

6.8

EPSS

0.06

KEV

Exploits

cve.orgen

280 chars

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

NVDen

280 chars

OSV.deven

203 chars

The Kubernetes kube-apiserver is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

GHSAen

280 chars

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.7 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

NVDes

319 chars

El Kubernetes kube-apiserver en versiones v1.6-v1.15 y versiones anteriores a v1.16.13, v1.17.9 y v1.18.6, son vulnerables a un redireccionamiento no validado en las peticiones de actualización proxy que podrían permitir a un atacante escalar privilegios desde un compromiso de nodo a un compromiso del clúster completo

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.0	6.8	6.4	AV:N/AC:M/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	6.8	0.9	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	6.4	—	—	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	6.4	—	—	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	6.8	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	6.4	0.5	5.9	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H