Bug 1851422 (CVE-2020-8559) - CVE-2020-8559 kubernetes: compromised node could escalate to cluster level privileges
Summary: CVE-2020-8559 kubernetes: compromised node could escalate to cluster level pr...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-8559
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1861748 1861749 1861750 1861751 1861754 1861759 1852692 1852693 1852694 1852695 1852696 1852697 1852698 1852699 1852700 1853207 1853208 1853209 1853210 1857458 1894005
Blocks: 1851423
TreeView+ depends on / blocked
 
Reported: 2020-06-26 13:32 UTC by Michael Kaplan
Modified: 2021-02-16 19:45 UTC (History)
23 users (show)

Fixed In Version: kubernetes 1.18.6, kubernetes 1.17.9, kubernetes 1.16.13
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other endpoints that trust those credentials (including other clusters), allowing for escalation of privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
Clone Of:
Environment:
Last Closed: 2020-12-01 11:33:55 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:5194 0 None None None 2020-12-01 10:48:49 UTC
Red Hat Product Errata RHSA-2020:5363 0 None None None 2020-12-16 12:35:12 UTC
Red Hat Product Errata RHSA-2021:0030 0 None None None 2021-01-13 17:25:29 UTC
Red Hat Product Errata RHSA-2021:0281 0 None None None 2021-02-03 10:11:37 UTC

Description Michael Kaplan 2020-06-26 13:32:24 UTC
If an attacker is able to intercept certain requests to the Kubelet, they
can send a redirect response that may be followed by a client using the
credentials from the original request. This can lead to compromise of other
nodes.

Comment 5 Hardik Vyas 2020-07-02 13:04:33 UTC
Statement:

Kubernetes is embedded in the version of heketi shipped with Red Hat Gluster Storage 3. However, it does not use Kubernetes API server part and only uses client side bits. Hence, this flaw does not affect heketi.

Comment 6 Sam Fowler 2020-07-15 06:48:34 UTC
Acknowledgments:

Name: the Kubernetes Product Security Committee
Upstream: Wouter ter Maat (Offensi)

Comment 7 Sam Fowler 2020-07-15 07:54:15 UTC
Upstream Issue:

https://github.com/kubernetes/kubernetes/issues/92914

Comment 8 Sam Fowler 2020-07-15 07:55:18 UTC
Upstream Patch:

https://github.com/kubernetes/kubernetes/pull/92941

Comment 10 Sam Fowler 2020-07-15 08:05:09 UTC
Mitigation:

No mitigation is known.

Comment 11 Sam Fowler 2020-07-15 22:06:15 UTC
External References:

https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs

Comment 12 Sam Fowler 2020-07-15 22:06:40 UTC
Created origin tracking bugs for this issue:

Affects: fedora-all [bug 1857458]

Comment 21 errata-xmlrpc 2020-12-01 10:48:45 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.5

Via RHSA-2020:5194 https://access.redhat.com/errata/RHSA-2020:5194

Comment 22 Product Security DevOps Team 2020-12-01 11:33:55 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-8559

Comment 23 errata-xmlrpc 2020-12-16 12:35:04 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 3.11

Via RHSA-2020:5363 https://access.redhat.com/errata/RHSA-2020:5363

Comment 25 errata-xmlrpc 2021-01-13 17:26:07 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.4

Via RHSA-2021:0030 https://access.redhat.com/errata/RHSA-2021:0030

Comment 26 errata-xmlrpc 2021-02-03 10:11:32 UTC
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.4

Via RHSA-2021:0281 https://access.redhat.com/errata/RHSA-2021:0281


Note You need to log in before you can comment on or make changes to this bug.