PT-2020-6970 · Kubernetes+2 · Kubernetes Kube-Apiserver+3

Published: 2019-08-13 · Updated: 2026-04-01 · CVE-2020-8559

CVSS v2.0: 8.3 (High)

Vector: AV:N/AC:L/Au:M/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Kubernetes kube-apiserver versions v1.6 through v1.15
Kubernetes kube-apiserver versions prior to v1.16.13
Kubernetes kube-apiserver versions prior to v1.17.9
Kubernetes kube-apiserver versions prior to v1.18.6

Description

The Kubernetes kube-apiserver does not validate redirects on proxied upgrade requests. This could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. Exploitation of this issue may enable a remote attacker to increase their privileges.

Recommendations

For versions v1.6 through v1.15, update to a version after v1.15.
For versions prior to v1.16.13, update to v1.16.13 or later.
For versions prior to v1.17.9, update to v1.17.9 or later.
For versions prior to v1.18.6, update to v1.18.6 or later.

As a temporary workaround, consider restricting access to proxied upgrade requests until a patch is available.

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2453
ALT-PU-2019-2454
ALT-PU-2020-2454
ALT-PU-2020-2462
BDU:2024-06031
CLEANSTART-2026-GI67088
CLEANSTART-2026-TC31671
CVE-2020-8559
ELSA-2020-5765
ELSA-2020-5766
ELSA-2020-5767
GHSA-33C5-9FX5-FVJM
GO-2024-2748
RHSA-2020:5363
RHSA-2021:0030

Affected Products

Alt Linux
Kubernetes
Kubernetes Kube-Apiserver
Red Os