CVE-2020-8559

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Published: Jul 22, 2020
Updated: May 4, 2025
CVE: CVE-2020-8559
GHSA: GHSA-33c5-9fx5-fvjm
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.8
AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6
AV:N/AC:M/Au:S/C:P/I:P/A:P

CWEs:

CWE-601

Affected Software
References

Software	From	Fixed in
kubernetes / kubernetes	1.18.0	1.18.6
kubernetes / kubernetes	1.6.0	1.15.0.x
kubernetes / kubernetes	1.17.0	1.17.9
kubernetes / kubernetes	1.16.0	1.16.13
k8s.io/apimachinery	-	0.16.13
k8s.io/apimachinery	0.17.0	0.17.9
k8s.io/apimachinery	0.18.0	0.18.7
k8s.io/kubernetes	-	1.16.13
k8s.io/kubernetes	1.17.0	1.17.9
k8s.io/kubernetes	1.18.0	1.18.7

https://bugzilla.redhat.com/show_bug.cgi?id=1851422
https://github.com/kubernetes/kubernetes/issues/92914
https://github.com/kubernetes/kubernetes/pull/92941
https://github.com/tdwyer/CVE-2020-8559
https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ
https://groups.google.com/g/kubernetes-security-announce/c/JAIGG5yNROs
https://security.netapp.com/advisory/ntap-20200810-0004
https://security.netapp.com/advisory/ntap-20200810-0004/

Vulnerability Database

289,697

CVE-2020-8559