CVE-2020-8555

Published: 05/06/2020 Updated: 07/11/2023
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 6.3 | Impact Score: 4 | Exploitability Score: 1.8
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Vulnerability Summary

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 is vulnerable to a Server-Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).

Vulnerable Product

kubernetes kubernetes 1.18.0

kubernetes kubernetes

fedoraproject fedora 32

Vendor Advisories

Synopsis: Moderate: OpenShift Container Platform 4.2.36 openshift security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Moderate. A Com ...
Synopsis: Moderate: OpenShift Container Platform 4.3.25 openshift-enterprise-hyperkube-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has ra ...
Synopsis: Moderate: OpenShift Container Platform 4.4.8 openshift-enterprise-hyperkube-container security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift-enterprise-hyperkube-container is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rat ...
Synopsis: Moderate: OpenShift Container Platform 4.4.8 openshift security update. Type/Severity: Security Advisory: Moderate. Topic: An update for openshift is now available for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having a security impact of Moderate. A Comm ...

Github Repositories

Certified Kubernetes Security Specialist (CKS): coming soon, November 2020. Online resources that will help you prepare for taking the Kubernetes Certified Kubernetes Security Specialist Certification exam. Disclaimer: This is not likely a comprehensive list as the exam is not out yet, most likely will be a moving target with the fast pace of k8s development please make a pull re

CKS Official Exam Syllabus. CKS official exam syllabus: [CKS_Curriculum_ v119pdf](/CKS_Curriculum_ v119pdf). Cluster Setup - 10%. Securing a Cluster: Use Network security policies to restrict cluster level access (kubernetes.io/docs/concepts/services-networking/network-policies/). Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, ku