CVE-2020-8559

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-8559

Severity

6.8

Medium

CVSS V3

Eliminate CVEs with Chainguard hardened images

Build, ship, and run secure software with minimal, hardened container images — rebuilt from source daily and guarded under our industry-leading remediation SLA.

Start for free

Description

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-8559
https://github.com/advisories/GHSA-33c5-9fx5-fvjm
https://pkg.go.dev/vuln/GO-2024-2748
https://github.com/kubernetes/kubernetes/issues/92914
https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ
https://security.netapp.com/advisory/ntap-20200810-0004/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2020-8559

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company