CVE-2020-8559

CVSS v3.1 6.8 (Medium)
CVSS v2.0 6 (Medium)
EPSS 0.34% (72nd)

The Kubernetes kube-apiserver in versions v1.6-v1.15, and in versions prior to v1.16.13, v1.17.9 and v1.18.6, is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Weaknesses: CWE-601, URL Redirection to Untrusted Site ('Open Redirect')
CVE Status: PUBLISHED
CNA: Kubernetes
Published Date: 2020-07-22 14:15:16 (4 years ago)
Updated Date: 2023-01-27 20:34:52 (19 months ago)

Affected Products

Configuration #1

  Product                                                      CPE23                            From       Up To
  Kubernetes from 1.6.0 version and 1.15.0 and prior versions  cpe:2.3:a:kubernetes:kubernetes  >= 1.6.0   <= 1.15.0
  Kubernetes from 1.16.0 version and prior 1.16.13 version     cpe:2.3:a:kubernetes:kubernetes  >= 1.16.0  < 1.16.13
  Kubernetes from 1.17.0 version and prior 1.17.9 version      cpe:2.3:a:kubernetes:kubernetes  >= 1.17.0  < 1.17.9
  Kubernetes from 1.18.0 version and prior 1.18.6 version      cpe:2.3:a:kubernetes:kubernetes  >= 1.18.0  < 1.18.6