CVE-2020-8559

Description from NVD

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Information Acquisition Date:2021-04-27T10:48Z
CVSS 2.0: 6.0 MEDIUM CVSS 3.x: 6.8 MEDIUM

▼ CVSS3 Vec CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

▼ CVSS2 Vec AV:N/AC:M/Au:S/C:P/I:P/A:P

NVD References

 https://github.com/kubernetes/kubernetes/issues/92914
     source:MISC
     tags:Exploit    Patch    Third Party Advisory    
 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ
     source:MISC
     tags:Exploit    Third Party Advisory    
 https://security.netapp.com/advisory/ntap-20200810-0004/
     source:CONFIRM
     tags:

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE InfomationExploits or more Infomation
mitreEXPLOIT DATABASE
NVD0day.today
vulmon.comgithub
CVE DetailsTwitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URLNum of Times Referred to
https://azure.microsoft.com/en-us/updates/azure-kubernetes-...22
https://www.cvebase.com/bugbounty7
https://github.com/kubernetes/kubernetes/issues/929143
https://opsmtrs.com/3h465au3

Information from Twitter

User URL Info Source Date
threatintelctr https://nvd.nist.gov/vuln/detail/CVE-2020-8559 Source threatintelctr   1619077002501279744 2023/01/28

List of frequently cited URLs

URLNum of Times Referred to
azure.microsoft.com22
www.cvebase.com7
github.com3
opsmtrs.com3

Information from Twitter

User URL Info Source
threatintelctr nvd.nist.gov Show Tweet
GitHub Search Results: Up to 10
NameURL
No Data
GitHub Search Results: Up to 10
NameURL
No Data
2023/01/28 Score : 1
Added Har-sia Database : 2020/07/16
Last Modified : 2023/01/28
Highest Scored Date : 2020/09/02
Highest Score : 40