ALT-PU-2020-2299-2
Package kubernetes updated to version 1.18.5-alt1 for branch sisyphus in task 254354.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
- http://www.openwall.com/lists/oss-security/2020/06/01/4
- http://www.openwall.com/lists/oss-security/2021/05/04/8
- https://github.com/kubernetes/kubernetes/issues/91542
- https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/
- https://security.netapp.com/advisory/ntap-20200724-0005/
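Before the fixed package reaches every control plane, an operator will want to know which existing objects drive the affected kube-controller-manager code paths and who is allowed to create more of them. The script below is an added example, not code from the Kubernetes project or from this advisory; it assumes that the in-tree GlusterFS, Quobyte, StorageOS and ScaleIO volume plugins are the ones whose PersistentVolume and StorageClass definitions carry an endpoint the controller-manager contacts, and that the input is the JSON printed by `kubectl get pv -o json` and `kubectl get storageclass -o json`. The sample objects embedded in it are constructed.

```python
"""Audit PersistentVolumes and StorageClasses for the volume types behind
CVE-2020-8555 (example code added here, not part of Kubernetes)."""
import json
import subprocess

# Assumption: these in-tree plugins are the ones whose PV/StorageClass
# definitions carry a user-controlled endpoint that kube-controller-manager
# contacts, which is what the SSRF rides on.
AFFECTED_PV_SOURCES = ("glusterfs", "quobyte", "storageos", "scaleio")
AFFECTED_PROVISIONERS = {"kubernetes.io/" + s for s in AFFECTED_PV_SOURCES}


def affected_pvs(pv_list):
    """(name, volume source) for each PersistentVolume backed by an affected plugin.

    A PV has exactly one volume source; it appears as a key of .spec."""
    hits = []
    for item in pv_list.get("items", []):
        spec = item.get("spec", {})
        for source in AFFECTED_PV_SOURCES:
            if source in spec:
                hits.append((item["metadata"]["name"], source))
    return sorted(hits)


def affected_storageclasses(sc_list):
    """(name, provisioner) for each StorageClass that provisions through an affected plugin."""
    hits = []
    for item in sc_list.get("items", []):
        provisioner = item.get("provisioner", "")
        if provisioner in AFFECTED_PROVISIONERS:
            hits.append((item["metadata"]["name"], provisioner))
    return sorted(hits)


def audit(pv_json_text, sc_json_text):
    """Run both checks over raw `kubectl ... -o json` output."""
    return {
        "persistentvolumes": affected_pvs(json.loads(pv_json_text)),
        "storageclasses": affected_storageclasses(json.loads(sc_json_text)),
    }


# Constructed sample input: one affected PV, one harmless NFS PV, one affected
# StorageClass, one harmless cloud-disk StorageClass.
SAMPLE_PVS = json.dumps({"items": [
    {"metadata": {"name": "pv-nfs-0"},
     "spec": {"nfs": {"server": "10.0.0.5", "path": "/export"}}},
    {"metadata": {"name": "pv-storageos-0"},
     "spec": {"storageos": {"volumeName": "data", "volumeNamespace": "default"}}},
]})
SAMPLE_SCS = json.dumps({"items": [
    {"metadata": {"name": "standard"}, "provisioner": "kubernetes.io/aws-ebs"},
    {"metadata": {"name": "scaleio-fast"}, "provisioner": "kubernetes.io/scaleio",
     "parameters": {"gateway": "https://169.254.169.254/"}},
]})


def kubectl_json(resource):
    """Fetch live objects; only used when run as a script against a cluster."""
    return subprocess.run(["kubectl", "get", resource, "-o", "json"],
                          capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    findings = audit(kubectl_json("pv"), kubectl_json("storageclass"))
    for kind, hits in findings.items():
        for name, what in hits:
            print(f"{kind}/{name}: uses affected plugin {what}")
    if not any(findings.values()):
        print("no PersistentVolume or StorageClass uses an affected in-tree plugin")
```

Listing the objects is half of the review; the other half is `kubectl auth can-i create persistentvolumes --as=<subject>` for the principals that matter, since the issue needs a caller who can create such objects, and objects that already exist on a patched controller-manager are not themselves a problem.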
Modified: 2024-11-21
CVE-2020-8558
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defect it could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.
- https://github.com/kubernetes/kubernetes/issues/92315
- https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ
- https://security.netapp.com/advisory/ntap-20200821-0001/
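The exposure comes from kube-proxy enabling the `net.ipv4.conf.all.route_localnet` sysctl so that service traffic can be DNATed to loopback; with it on, the kernel also accepts packets from other hosts addressed to 127.0.0.1. The upstream advisory gave an iptables INPUT rule as the interim mitigation for nodes that cannot upgrade yet. The script below is an added example, not code from Kubernetes or from this advisory: it reads the per-interface `route_localnet` values from `/proc/sys`, checks `iptables-save` output for that drop rule, and reports a verdict. It assumes the iptables-save text format (negation printed as `! -s`) and only recognises a rule placed directly in the INPUT chain; the sample rule sets embedded in it are constructed.

```python
"""Node-side checks for CVE-2020-8558 (example code added here, not from Kubernetes)."""
import glob
import os
import subprocess

# Interim mitigation published with the upstream advisory: drop loopback-destined
# packets that did not come from loopback, unless they belong to a DNATed
# (i.e. kube-proxy service) or already established flow.
MITIGATION_RULE = (
    "iptables -I INPUT --dst 127.0.0.0/8 ! --src 127.0.0.0/8 "
    "-m conntrack ! --ctstate RELATED,ESTABLISHED,DNAT -j DROP"
)


def read_route_localnet(sysctl_root="/proc/sys"):
    """Map each net.ipv4.conf.<iface>.route_localnet entry to its value ('0'/'1')."""
    values = {}
    pattern = os.path.join(sysctl_root, "net", "ipv4", "conf", "*", "route_localnet")
    for path in glob.glob(pattern):
        iface = os.path.basename(os.path.dirname(path))
        try:
            with open(path) as f:
                values[iface] = f.read().strip()
        except OSError:
            pass  # unreadable in this namespace; skip rather than guess
    return values


def enabled_interfaces(route_localnet_values):
    """Interfaces (the 'all' pseudo-interface included) with route_localnet=1."""
    return sorted(i for i, v in route_localnet_values.items() if v == "1")


def has_localnet_drop_rule(iptables_save_text):
    """True if an INPUT rule drops packets to 127.0.0.0/8 from non-loopback sources.

    Assumption: iptables-save syntax, where '! -s 127.0.0.0/8' is the negated
    source match. Rules in user chains jumped to from INPUT are not followed."""
    for line in iptables_save_text.splitlines():
        tokens = line.split()
        if tokens[:2] != ["-A", "INPUT"]:
            continue
        pairs = list(zip(tokens, tokens[1:]))
        triples = list(zip(tokens, tokens[1:], tokens[2:]))
        not_from_loopback = ("!", "-s", "127.0.0.0/8") in triples
        to_loopback = (("-d", "127.0.0.0/8") in pairs
                       and ("!", "-d", "127.0.0.0/8") not in triples)
        if not_from_loopback and to_loopback and ("-j", "DROP") in pairs:
            return True
    return False


def assess(route_localnet_values, iptables_save_text):
    """'not-exposed' if route_localnet is off everywhere, 'mitigated' if it is on
    but the drop rule is installed, otherwise 'exposed'."""
    if not enabled_interfaces(route_localnet_values):
        return "not-exposed"
    return "mitigated" if has_localnet_drop_rule(iptables_save_text) else "exposed"


# Constructed iptables-save excerpts: with and without the mitigation rule.
SAMPLE_MITIGATED = """*filter
:INPUT ACCEPT [0:0]
-A INPUT ! -s 127.0.0.0/8 -d 127.0.0.0/8 -m conntrack ! --ctstate RELATED,ESTABLISHED,DNAT -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
SAMPLE_UNMITIGATED = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    values = read_route_localnet()
    try:  # needs root; a missing binary counts as no mitigation present
        rules = subprocess.run(["iptables-save"], capture_output=True,
                               text=True, check=False).stdout
    except OSError:
        rules = ""
    verdict = assess(values, rules)
    print("route_localnet=1 on:", ", ".join(enabled_interfaces(values)) or "none")
    print("verdict:", verdict)
    if verdict == "exposed":
        print("interim mitigation:", MITIGATION_RULE)
```

A "not-exposed" result on a node that runs kube-proxy in iptables mode usually means the fixed package is already installed; a "mitigated" result is only as good as the rule surviving the next iptables reload, so the rule should be managed by whatever owns the node's firewall configuration rather than added by hand.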
Modified: 2023-01-07
GHSA-wqv3-8cm6-h6wg
Improper Authentication in Kubernetes
- https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg
- https://nvd.nist.gov/vuln/detail/CVE-2020-8558
- https://github.com/kubernetes/kubernetes/issues/92315
- https://bugzilla.redhat.com/show_bug.cgi?id=1843358
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558
- https://github.com/kubernetes/kubernetes
- https://github.com/tabbysable/POC-2020-8558
- https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ
- https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE
- https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation
- https://security.netapp.com/advisory/ntap-20200821-0001
- https://www.openwall.com/lists/oss-security/2020/07/08/1
Modified: 2023-09-19
GHSA-x6mj-w4jf-jmgw
Server Side Request Forgery (SSRF) in Kubernetes
- https://nvd.nist.gov/vuln/detail/CVE-2020-8555
- https://github.com/kubernetes/kubernetes/issues/91542
- https://github.com/kubernetes/kubernetes/pull/89794
- https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX
- https://security.netapp.com/advisory/ntap-20200724-0005
- http://www.openwall.com/lists/oss-security/2020/06/01/4
- http://www.openwall.com/lists/oss-security/2021/05/04/8
