CVE-2020-8559
22.07.2020, 14:15
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
| Vendor | Product | Version |
|---|---|---|
| kubernetes | kubernetes | 1.6.0 ≤ 𝑥 ≤ 1.15.0 |
| kubernetes | kubernetes | 1.16.0 ≤ 𝑥 < 1.16.13 |
| kubernetes | kubernetes | 1.17.0 ≤ 𝑥 < 1.17.9 |
| kubernetes | kubernetes | 1.18.0 ≤ 𝑥 < 1.18.6 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Common Weakness Enumeration
References