Security restrictions bypass in OpenShift Container Platform



Published: 2021-01-14
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2020-8559
CWE ID CWE-264
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
Red Hat OpenShift Container Platform
Client/Desktop applications / Software for system administration

openshift (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Advisory

This security advisory describes one medium risk vulnerability.

1) Permissions, Privileges, and Access Controls

Risk: Medium

CVSSv3: 5.8 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-8559

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: Yes

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat OpenShift Container Platform: 4.4.0, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.4.13, 4.4.14, 4.4.15, 4.4.16, 4.4.17, 4.4.18, 4.4.19, 4.4.20, 4.4.21, 4.4.22, 4.4.23, 4.4.24, 4.4.25, 4.4.26, 4.4.27, 4.4.28, 4.4.29, 4.4.30, 4.4.31

openshift (Red Hat package): 4.4.0-202006061254.git.1.dc84fb4.el7, 4.4.0-202006061254.git.1.dc84fb4.el8, 4.4.0-202007090832.p0.git.0.bc32fb1.el7, 4.4.0-202007090832.p0.git.0.bc32fb1.el8, 4.4.0-202011130111.p0.git.0.4861dfa.el7, 4.4.0-202011130111.p0.git.0.4861dfa.el8

CPE External links

https://access.redhat.com/errata/RHSA-2021:0030

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.