admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-12 02:05:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#567

Browse Source 
Auto-merge PR#567
This commit is contained in:
CVE Team 2021-01-21 12:10:18 -05:00 committed by GitHub
commit e9fe83ecda
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 480 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
2020/8xxx/CVE-2020-8554.json
View File

@ -1,18 +1,106 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-12-07T17:00:00.000Z",
"ID": "CVE-2020-8554",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Kubernetes man in the middle using LoadBalancer or ExternalIPs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Kubernetes",
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Etienne Champetier (@champtar) of Anevia"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-283 Unverified Ownership"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/97076"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes/kubernetes/issues/97076"
],
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "To restrict the use of external IPs we are providing an admission webhook container: k8s.gcr.io/multitenancy/externalip-webhook:v1.0.0. The source code and deployment instructions are published at https://github.com/kubernetes-sigs/externalip-webhook.\n\nAlternatively, external IPs can be restricted using OPA Gatekeeper. A sample ConstraintTemplate and Constraint can be found here: https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general/externalip."
}
]
}

104
2020/8xxx/CVE-2020-8567.json
View File

@ -1,18 +1,110 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-11-16T21:00:00.000Z",
"ID": "CVE-2020-8567",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Kubernetes Secrets Store CSI Driver plugin directory traversals"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes Secrets Store CSI Driver",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "Vault Plugin",
"version_value": "v0.0.6"
},
{
"version_affected": "<",
"version_name": "Azure Plugin",
"version_value": "v0.0.10"
},
{
"version_affected": "<",
"version_name": "GCP Plugin",
"version_value": "v0.2.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tommy Murphy of Google"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azure Plugin prior to v0.0.10, and GCP Plugin prior to v0.2.0 allow an attacker who can create specially-crafted SecretProviderClass objects to write to arbitrary file paths on the host filesystem, including /var/lib/kubelet/pods."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-24 Path Traversal: '../filedir'"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/BI2qisiNXHY"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/384"
],
"discovery": "INTERNAL"
}
}

107
2020/8xxx/CVE-2020-8568.json
View File

@ -1,18 +1,113 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-11-10T21:00:00.000Z",
"ID": "CVE-2020-8568",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Kubernetes Secrets Store CSI Driver sync/rotate directory traversal"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes Secrets Store CSI Driver",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "Kubernetes Secrets Store CSI Driver",
"version_value": "v0.0.15"
},
{
"version_affected": "=",
"version_name": "Kubernetes Secrets Store CSI Driver",
"version_value": "v0.0.16"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tommy Murphy of Google"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-24 Path Traversal: '../filedir'"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-secrets-store-csi-driver/c/Cb9cvymTzl4"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes-sigs/secrets-store-csi-driver/issues/378"
],
"discovery": "INTERNAL"
}
}

107
2020/8xxx/CVE-2020-8569.json
View File

@ -1,18 +1,111 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2020-11-17T21:00:00.000Z",
"ID": "CVE-2020-8569",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Kubernetes CSI snapshot-controller DoS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CSI Snapshotter",
"version": {
"version_data": [
{
"version_affected": "<=",
"version_name": "snapshot-controller v3.0",
"version_value": "v3.0.1"
},
{
"version_affected": "<=",
"version_name": "snapshot-controller v2.1",
"version_value": "v2.1.2"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Qin Ping"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could panic when processing a VolumeSnapshot custom resource when:\n\n- The VolumeSnapshot referenced a non-existing PersistentVolumeClaim and the VolumeSnapshot did not reference any VolumeSnapshotClass.\n- The snapshot-controller crashes, is automatically restarted by Kubernetes, and processes the same VolumeSnapshot custom resource after the restart, entering an endless crashloop.\n\nOnly the volume snapshot feature is affected by this vulnerability. When exploited, users cant take snapshots of their volumes or delete the snapshots. All other Kubernetes functionality is not affected."
}
]
}
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476 NULL Pointer Dereference"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes-csi/external-snapshotter/issues/380"
}
]
},
"source": {
"defect": [
"https://github.com/kubernetes-csi/external-snapshotter/issues/380"
],
"discovery": "INTERNAL"
},
"work_around": [
{
"lang": "eng",
"value": "Prior to upgrading, this vulnerability can be mitigated by restricting creation of VolumeSnapshot custom resources in API group snapshot.storage.k8s.io only to trusted users."
}
]
}

92
2020/8xxx/CVE-2020-8570.json
View File

@ -1,18 +1,98 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ASSIGNER": "security@kubernetes.io",
"DATE_PUBLIC": "2021-01-11T23:15:00.000Z",
"ID": "CVE-2020-8570",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"STATE": "PUBLIC",
"TITLE": "Kubernetes Java client libraries unvalidated path traversal in Copy implementation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes Java Client",
"version": {
"version_data": [
{
"version_affected": "<",
"version_name": "9.0",
"version_value": "9.0.2"
},
{
"version_affected": "<",
"version_name": "10.0",
"version_value": "10.0.1"
},
{
"version_value": "all versions prior to 9.0"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Discovered via CodeQL automated scanning on GitHub"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MLIST",
"url": "https://groups.google.com/g/kubernetes-security-announce/c/sd5h73sFPrg"
},
{
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes-client/java/issues/1491"
}
]
},
"solution": [
{
"lang": "eng",
"value": "Upgrade to 9.0.2, 10.0.1 or 11.0.0 versions of the library."
}
],
"source": {
"defect": [
"https://github.com/kubernetes-client/java/issues/1491"
],
"discovery": "UNKNOWN"
}
}