CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 3CVE-2020-8559 – Privilege escalation from compromised node to cluster
https://notcve.org/view.php?id=CVE-2020-8559
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. El Kubernetes kube-apiserver en versiones v1.6-v1.15 y versiones anteriores a v1.16.13, v1.17.9 y v1.18.6, son vulnerables a un redireccionamiento no validado en las peticiones de actualización proxy que podrían permitir a un atacante escalar privilegios desde un compromiso de nodo a un compromiso del clúster completo A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other endpoints that trust those credentials (including other clusters), allowing for escalation of privileges. The highest threat from this vulnerability is to confidentiality, integrity, and system availability. • https://github.com/tdwyer/CVE-2020-8559 https://github.com/kubernetes/kubernetes/issues/92914 https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ https://security.netapp.com/advisory/ntap-20200810-0004 https://access.redhat.com/security/cve/CVE-2020-8559 https://bugzilla.redhat.com/show_bug.cgi?id=1851422 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2CVE-2020-8558 – Kubernetes node setting allows for neighboring hosts to bypass localhost boundary
https://notcve.org/view.php?id=CVE-2020-8558
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service. Se encontró que los componentes Kubelet y kube-proxy en las versiones 1.1.0-1.16.10, 1.17.0-1.17.6 y 1.18.0-1.18.3, contienen un problema de seguridad que permite a los hosts adyacentes alcanzar los servicios TCP y UDP vinculados a la versión 127.0.0.1, que se ejecutan en el nodo o en el espacio de nombres de red del nodo. Dicho servicio se considera generalmente que puede ser alcanzado solo por otros procesos en el mismo host, pero debido a esta defensa, podrían ser alcanzados por otros hosts en la misma LAN que el nodo o por contenedores que se ejecutan en el mismo nodo que el servicio A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are not protected by authentication. • https://github.com/kubernetes/kubernetes/issues/92315 https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ https://security.netapp.com/advisory/ntap-20200821-0001 https://access.redhat.com/security/cve/CVE-2020-8558 https://bugzilla.redhat.com/show_bug.cgi?id=1843358 • CWE-300: Channel Accessible by Non-Endpoint CWE-420: Unprotected Alternate Channel •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2020-8555 – Kubernetes kube-controller-manager SSRF
https://notcve.org/view.php?id=CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). El Kubernetes kube-controller-manager en las versiones v1.0-1.14, versiones anteriores a v1.15.12, v1.16.9, v1.17.5 y v1.18.0, son vulnerables a un ataque de tipo Server Side Request Forgery (SSRF) que permite que determinados usuarios autorizados pierdan hasta 500 bytes de información arbitraria de endpoints desprotegidos dentro de la red host del maestro (tales como los servicios link-local o loopback) A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the kube-apiserver through the unauthenticated localhost port (if enabled). • http://www.openwall.com/lists/oss-security/2020/06/01/4 http://www.openwall.com/lists/oss-security/2021/05/04/8 https://github.com/kubernetes/kubernetes/issues/91542 https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX https://security.netapp.com/advisory/ntap-20200724-0005 https://access.redhat.com/security/cve/CVE-2020-8555 https://bugzil • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-11254 – Kubernetes API Server denial of service vulnerability from malicious YAML payloads
https://notcve.org/view.php?id=CVE-2019-11254
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. El componente Kubernetes API Server en versiones 1.1-1.14 y versiones anteriores a 1.15.10, 1.16.7 y 1.17.3, permite a un usuario autorizado que envía cargas maliciosas de YAML causar que el kube-apiserver consuma ciclos de CPU excesivos mientras analiza YAML. • https://github.com/kubernetes/kubernetes/issues/89535 https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ https://security.netapp.com/advisory/ntap-20200413-0003 https://access.redhat.com/security/cve/CVE-2019-11254 https://bugzilla.redhat.com/show_bug.cgi?id=1819486 • CWE-400: Uncontrolled Resource Consumption CWE-1050: Excessive Platform Resource Consumption within a Loop •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2020-8552 – Kubernetes API server denial of service
https://notcve.org/view.php?id=CVE-2020-8552
The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests. Se detectó que el componente servidor de la API Kubernetes en versiones anteriores a 1.15.9, versiones 1.16.0-1.16.6 y versiones 1.17.0-1.17.2, es vulnerable a un ataque de denegación de servicio versiones por medio de unas peticiones de la API con éxito. A denial of service vulnerability was found in the Kubernetes API server. This flaw allows a remote attacker to send repeated, crafted HTTP requests to exhaust available memory and cause a crash. • https://github.com/kubernetes/kubernetes/issues/89378 https://groups.google.com/forum/#%21topic/kubernetes-security-announce/2UOlsba2g0s https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX https://security.netapp.com/advisory/ntap-20200413-0003 https://access.redhat.com/security/cve/CVE-2020-8552 https://bugzilla.redhat.com/show_bug.cgi?id=1797909 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling CWE-789: Memory Allocation with Excessive Size Value •