Bug 1851422 (CVE-2020-8559) - CVE-2020-8559 kubernetes: compromised node could escalate to cluster level privileges
Summary: CVE-2020-8559 kubernetes: compromised node could escalate to cluster level pr...
Keywords:
Status: NEW
Alias: CVE-2020-8559
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1852692 1852693 1852694 1852695 1852697 1852698 1852699 1852700 1853207 1853208 1853209 1853210 1857458 1861748 1861749 1861750 1861751 1861754 1861759 1852696
Blocks: 1851423
TreeView+ depends on / blocked
 
Reported: 2020-06-26 13:32 UTC by Michael Kaplan
Modified: 2020-09-10 21:21 UTC (History)
23 users (show)

Fixed In Version: kubernetes 1.18.6, kubernetes 1.17.9, kubernetes 1.16.13
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other endpoints that trust those credentials (including other clusters), allowing for escalation of privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Michael Kaplan 2020-06-26 13:32:24 UTC
If an attacker is able to intercept certain requests to the Kubelet, they
can send a redirect response that may be followed by a client using the
credentials from the original request. This can lead to compromise of other
nodes.

Comment 5 Hardik Vyas 2020-07-02 13:04:33 UTC
Statement:

Kubernetes is embedded in the version of heketi shipped with Red Hat Gluster Storage 3. However, it does not use Kubernetes API server part and only uses client side bits. Hence, this flaw does not affect heketi.

Comment 6 Sam Fowler 2020-07-15 06:48:34 UTC
Acknowledgments:

Name: the Kubernetes Product Security Committee
Upstream: Wouter ter Maat (Offensi)

Comment 7 Sam Fowler 2020-07-15 07:54:15 UTC
Upstream Issue:

https://github.com/kubernetes/kubernetes/issues/92914

Comment 8 Sam Fowler 2020-07-15 07:55:18 UTC
Upstream Patch:

https://github.com/kubernetes/kubernetes/pull/92941

Comment 10 Sam Fowler 2020-07-15 08:05:09 UTC
Mitigation:

No mitigation is known.

Comment 11 Sam Fowler 2020-07-15 22:06:15 UTC
External References:

https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs

Comment 12 Sam Fowler 2020-07-15 22:06:40 UTC
Created origin tracking bugs for this issue:

Affects: fedora-all [bug 1857458]


Note You need to log in before you can comment on or make changes to this bug.