Bug 1954914 (CVE-2020-8562)
| Summary: | CVE-2020-8562 kubernetes: Bypass of Kubernetes API Server proxy TOCTOU | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | admiller, bmontgom, eparis, jburrell, jcajka, joelsmith, nstielau, sponnaga |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components. Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create or modify StorageClass objects and access KubeControllerManager logs.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1956192, 1956193, 1956194, 1954980, 1954981, 1957061 | ||
| Bug Blocks: | 1954915 | ||
|
Description
Sam Fowler
2021-04-29 04:25:56 UTC
Acknowledgments: Name: the Kubernetes Product Security Committee Upstream: Javier Provecho (Telefonica) Created origin tracking bugs for this issue: Affects: fedora-all [bug 1957061] Upstream issue: https://github.com/kubernetes/kubernetes/issues/101493 |