The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
https://github.com/kubernetes/kubernetes/issues/92914
https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ
Source: MITRE
Published: 2020-07-22
Updated: 2020-08-10
Type: CWE-601
Base Score: 6
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 6.8
Severity: MEDIUM
Base Score: 6.8
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 0.9
Severity: MEDIUM
OR
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* versions from 1.6.0 to 1.15.0 (inclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
ID | Name | Product | Family | Severity |
---|---|---|---|---|
144942 | RHEL 7 / 8 : OpenShift Container Platform 4.4.32 packages and (RHSA-2021:0030) | Nessus | Red Hat Local Security Checks | medium |
144410 | RHEL 7 : OpenShift Container Platform 3.11.343 (RHSA-2020:5363) | Nessus | Red Hat Local Security Checks | medium |
140715 | Photon OS 2.0: Kubernetes PHSA-2020-2.0-0285 | Nessus | PhotonOS Local Security Checks | medium |
140706 | Photon OS 3.0: Kubernetes PHSA-2020-3.0-0142 | Nessus | PhotonOS Local Security Checks | medium |