CVE-2020-8559

URL Redirection to Untrusted Site (Open Redirect) in go/github.com/kubernetes/apimachinery

Identifiers

CVE-2020-8559

Package Slug

go/github.com/kubernetes/apimachinery

Vulnerability

URL Redirection to Untrusted Site (Open Redirect)

Description

The Kubernetes kube-apiserver is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Affected Versions

All versions starting from 1.7.6 up to 1.16.13, all versions starting from 1.17.0 before 1.17.9, all versions starting from 1.18.0 before 1.18.6

Solution

Upgrade to version 0.19.0-rc.1. Note: 0.19.0-rc.1 may be an unstable version. Use caution.

Last Modified

2020-07-28