Main Vulnerability Database Exploits ID:3932 - Exploit for Permissions, Privileges, and Access Controls in Kubernetes - CVE-2020-8559

ID:3932 - Exploit for Permissions, Privileges, and Access Controls in Kubernetes - CVE-2020-8559

Published: August 10, 2020

Vulnerability identifier: #VU34130

Vulnerability risk: Medium

CVE-ID: CVE-2020-8559

CWE-ID: CWE-264

Exploitation vector: Remote access

Vulnerable software:
Kubernetes

Link to public exploit:

https://github.com/tdwyer/CVE-2020-8559

Vulnerability description

The vulnerability allows a remote privileged user to execute arbitrary code.

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Remediation

Install update from vendor's website.

ID:3932 - Exploit for Permissions, Privileges, and Access Controls in Kubernetes - CVE-2020-8559

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human