Bug 1954914 (CVE-2020-8562) - CVE-2020-8562 kubernetes: Bypass of Kubernetes API Server proxy TOCTOU
Summary: CVE-2020-8562 kubernetes: Bypass of Kubernetes API Server proxy TOCTOU
Keywords:
Status: NEW
Alias: CVE-2020-8562
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 1956192 1956193 1956194 1954980 1954981 1957061
Blocks: 1954915
Reported: 2021-04-29 04:25 UTC by Sam Fowler
Modified: 2023-07-07 08:29 UTC
CC List: 8 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components. Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create or modify StorageClass objects and access KubeControllerManager logs.
Clone Of:
Environment:
Last Closed:
Embargoed:


Description Sam Fowler 2021-04-29 04:25:56 UTC
A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components. Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create or modify StorageClass objects and access KubeControllerManager logs.
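The description names two permission combinations that make a cluster affected. The check below, added here as an illustration and not part of this bug report or of the Kubernetes project, flags RBAC subjects whose resolved rules match either combination; the function names and the sample rule sets are constructed for the example.

```python
"""Flag RBAC subjects matching the CVE-2020-8562 preconditions.

Constructed example: rules are given in the shape of Kubernetes RBAC
PolicyRule entries (apiGroups / resources / verbs), already resolved per
subject. In a real audit this map would be built from ClusterRoles, Roles
and their bindings.
"""

WRITE_VERBS = {"create", "update", "patch"}


def _allows(rules, group, resource, verbs):
    """True if any rule grants one of `verbs` on `resource` in `group`."""
    for rule in rules:
        groups = rule.get("apiGroups", [])
        resources = rule.get("resources", [])
        rule_verbs = set(rule.get("verbs", []))
        if (group in groups or "*" in groups) \
                and (resource in resources or "*" in resources) \
                and (rule_verbs & verbs or "*" in rule_verbs):
            return True
    return False


def exposure_reasons(rules):
    """Return which of the advisory's two preconditions `rules` satisfy."""
    reasons = []
    # Condition 1: can create/modify Node objects and proxy to them.
    if _allows(rules, "", "nodes", WRITE_VERBS) and \
            _allows(rules, "", "nodes/proxy", {"get", "create"}):
        reasons.append("node-write+node-proxy")
    # Condition 2: can create/modify StorageClass objects and read
    # controller-manager logs (pods/log in the control-plane namespace).
    if _allows(rules, "storage.k8s.io", "storageclasses", WRITE_VERBS) and \
            _allows(rules, "", "pods/log", {"get"}):
        reasons.append("storageclass-write+pod-logs")
    return reasons


def audit(rules_by_subject):
    """Map each subject meeting at least one precondition to its reasons."""
    findings = {}
    for subject, rules in rules_by_subject.items():
        reasons = exposure_reasons(rules)
        if reasons:
            findings[subject] = reasons
    return findings


# Constructed sample subjects; not taken from any real cluster.
SAMPLE = {
    "sa:dev/builder": [
        {"apiGroups": [""], "resources": ["pods", "pods/log"], "verbs": ["get", "list"]},
        {"apiGroups": ["storage.k8s.io"], "resources": ["storageclasses"], "verbs": ["create", "patch"]},
    ],
    "user:node-admin": [{"apiGroups": [""], "resources": ["nodes", "nodes/proxy"], "verbs": ["*"]}],
    "user:viewer": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["get", "list", "watch"]}],
}

if __name__ == "__main__":
    for subject, reasons in audit(SAMPLE).items():
        print(subject, "->", ", ".join(reasons))
```

A read-only subject such as `user:viewer` is not flagged, since both preconditions require write access to Node or StorageClass objects.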

Comment 1 Sam Fowler 2021-04-29 04:26:00 UTC
Acknowledgments:

Name: the Kubernetes Product Security Committee
Upstream: Javier Provecho (Telefonica)

Comment 7 Sam Fowler 2021-05-04 23:48:08 UTC
Created origin tracking bugs for this issue:

Affects: fedora-all [bug 1957061]

Comment 8 Sam Fowler 2021-07-14 05:03:10 UTC
Upstream issue:

https://github.com/kubernetes/kubernetes/issues/101493
