CVE-2020-8555

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-8555

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8555.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-8555

Aliases

Related

Published

2020-06-05T17:15:11Z

Modified

2025-02-19T03:17:43.745987Z

Severity

6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).

References

Affected packages

Debian:11 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / kubernetes

Package

Name: kubernetes
Purl: pkg:deb/debian/kubernetes?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.18.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/kubernetes/kubelet

Affected ranges

Type: GIT
Repo: https://github.com/kubernetes/kubelet
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c66062efc14df7c05eb6edef4799d004360c1d79

Type: GIT
Repo: https://github.com/kubernetes/kubernetes
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d94a81c724ea8e1ccc9002d89b7fe81d58f89ede

Affected versions

v0.*

v0.10.0

v0.11.0

v0.12.0

v0.13.0

v0.13.1-dev

v0.14.0

v0.14.1

v0.15.0

v0.16.0

v0.16.1

v0.16.2

v0.17.0

v0.17.1

v0.18.0

v0.18.1

v0.18.2

v0.19.0

v0.19.1

v0.19.2

v0.19.3

v0.2

v0.20.0

v0.20.1

v0.20.2

v0.21.0

v0.21.1

v0.21.2

v0.3

v0.4

v0.5

v0.6.0

v0.7.0

v0.8.0

v0.9.0

v1.*

v1.0.0

v1.1.0-alpha.0

v1.1.0-alpha.1

v1.10.0-alpha.0

v1.10.0-alpha.1

v1.10.0-alpha.2

v1.10.0-alpha.3

v1.11.0-alpha.0

v1.11.0-alpha.1

v1.11.0-alpha.2

v1.12.0-alpha.0

v1.12.0-alpha.1

v1.13.0-alpha.0

v1.13.0-alpha.1

v1.13.0-alpha.2

v1.13.0-alpha.3

v1.14.0-alpha.0

v1.14.0-alpha.1

v1.14.0-alpha.2

v1.14.0-alpha.3

v1.15.0

v1.15.0-alpha.0

v1.15.0-alpha.1

v1.15.0-alpha.2

v1.15.0-alpha.3

v1.15.0-beta.0

v1.15.0-beta.1

v1.15.0-beta.2

v1.15.0-rc.1

v1.15.1

v1.15.1-beta.0

v1.15.10

v1.15.10-beta.0

v1.15.11-beta.0

v1.15.2

v1.15.2-beta.0

v1.15.3

v1.15.3-beta.0

v1.15.4

v1.15.4-beta.0

v1.15.5

v1.15.5-beta.0

v1.15.6

v1.15.6-beta.0

v1.15.7

v1.15.7-beta.0

v1.15.8

v1.15.8-beta.0

v1.15.8-beta.1

v1.15.9

v1.15.9-beta.0

v1.16.0-alpha.0

v1.2.0-alpha.1

v1.2.0-alpha.2

v1.2.0-alpha.3

v1.2.0-alpha.4

v1.2.0-alpha.5

v1.2.0-alpha.6

v1.2.0-alpha.7

v1.2.0-alpha.8

v1.3.0-alpha.0

v1.3.0-alpha.1

v1.3.0-alpha.2

v1.3.0-alpha.3

v1.3.0-alpha.4

v1.3.0-alpha.5

v1.4.0-alpha.0

v1.4.0-alpha.1

v1.4.0-alpha.2

v1.4.0-alpha.3

v1.5.0-alpha.0

v1.5.0-alpha.1

v1.5.0-alpha.2

v1.6.0-alpha.0

v1.6.0-alpha.1

v1.6.0-alpha.2

v1.6.0-alpha.3

v1.7.0-alpha.0

v1.7.0-alpha.1

v1.7.0-alpha.2

v1.7.0-alpha.3

v1.7.0-alpha.4

v1.8.0-alpha.0

v1.8.0-alpha.1

v1.8.0-alpha.2

v1.8.0-alpha.3

v1.9.0-alpha.0

v1.9.0-alpha.1

v1.9.0-alpha.2

v1.9.0-alpha.3