{
  "threat_severity" : "Moderate",
  "public_date" : "2020-07-15T00:00:00Z",
  "bugzilla" : {
    "description" : "kubernetes: compromised node could escalate to cluster level privileges",
    "id" : "1851422",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1851422"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-601",
  "details" : [ "The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6, is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.", "A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node to redirect those requests, along with their credentials, to other endpoints that trust those credentials (including other clusters) and perform actions there, allowing for escalation of privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability." ],
  "statement" : "Kubernetes is embedded in the version of heketi shipped with Red Hat Gluster Storage 3. However, heketi does not use the Kubernetes API server component and only uses the client-side code. Hence, this flaw does not affect heketi.",
  "acknowledgement" : "Red Hat would like to thank the Kubernetes Product Security Committee for reporting this issue. Upstream acknowledges Wouter ter Maat (Offensi) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 3.11",
    "release_date" : "2020-12-16T00:00:00Z",
    "advisory" : "RHSA-2020:5363",
    "cpe" : "cpe:/a:redhat:openshift:3.11::el7",
    "package" : "atomic-openshift-0:3.11.346-1.git.0.ea10721.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.4",
    "release_date" : "2021-01-13T00:00:00Z",
    "advisory" : "RHSA-2021:0030",
    "cpe" : "cpe:/a:redhat:openshift:4.4::el7",
    "package" : "openshift-0:4.4.0-202012052258.p0.git.0.0fd57a4.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.4",
    "release_date" : "2021-02-03T00:00:00Z",
    "advisory" : "RHSA-2021:0281",
    "cpe" : "cpe:/a:redhat:openshift:4.4::el7",
    "package" : "openshift4/ose-hyperkube:v4.4.0-202101261542.p0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.5",
    "release_date" : "2020-12-01T00:00:00Z",
    "advisory" : "RHSA-2020:5194",
    "cpe" : "cpe:/a:redhat:openshift:4.5::el7",
    "package" : "openshift4/ose-hyperkube:v4.5.0-202011211036.p0"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2020-10-27T00:00:00Z",
    "advisory" : "RHBA-2020:4197",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el7",
    "package" : "openshift-0:4.6.0-202010022112.p0.git.94033.ef41184.el7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4.6",
    "release_date" : "2020-10-27T00:00:00Z",
    "advisory" : "RHSA-2020:4298",
    "cpe" : "cpe:/a:redhat:openshift:4.6::el8",
    "package" : "openshift4/ose-hyperkube:v4.6.0-202010081843.p0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Not affected",
    "package_name" : "openshift4/ose-openshift-apiserver-rhel8",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Not affected",
    "package_name" : "heketi",
    "cpe" : "cpe:/a:redhat:storage:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-8559\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-8559\nhttps://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs" ],
  "name" : "CVE-2020-8559",
  "mitigation" : {
    "value" : "No mitigation is known.",
    "lang" : "en:us"
  },
  "csaw" : false
}