{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "generator": { "engine": "Vulnogram 0.0.9" }, "CVE_data_meta": { "ID": "CVE-2020-8555", "ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "", "TITLE": "Kubernetes kube-controller-manager SSRF", "AKA": "", "STATE": "PUBLIC" }, "source": { "defect": [ "https://github.com/kubernetes/kubernetes/issues/91542" ], "advisory": "", "discovery": "EXTERNAL" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Kubernetes", "product": { "product_data": [ { "product_name": "Kubernetes", "version": { "version_data": [ { "version_name": "1.15", "version_affected": "<", "version_value": "1.15.12", "platform": "" }, { "version_name": "1.16", "version_affected": "<", "version_value": "1.16.9", "platform": "" }, { "version_name": "1.17", "version_affected": "<", "version_value": "1.17.5", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.18.0", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.1", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.2", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.3", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.4", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.5", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.6", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.7", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.8", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.9", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.10", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.11", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.12", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.13", "platform": "" }, { "version_name": "", "version_affected": "", "version_value": "1.14", "platform": "" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-918 Server-Side Request Forgery (SSRF)" } ] } ] }, "description": { "description_data": [ { "lang": "eng", "value": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services)." } ] }, "references": { "reference_data": [ { "refsource": "MLIST", "name": "[oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager", "url": "http://www.openwall.com/lists/oss-security/2020/06/01/4" }, { "refsource": "MLIST", "url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion", "name": "" }, { "refsource": "CONFIRM", "name": "https://github.com/kubernetes/kubernetes/issues/91542", "url": "https://github.com/kubernetes/kubernetes/issues/91542" }, { "refsource": "FEDORA", "name": "FEDORA-2020-aeea04cd13", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/" }, { "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200724-0005/", "url": "https://security.netapp.com/advisory/ntap-20200724-0005/" } ] }, "configuration": [], "impact": { "cvss": { "version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "baseScore": 6.3, "baseSeverity": "MEDIUM" } }, "exploit": [], "work_around": [ { "lang": "eng", "value": "Prior to upgrading, this vulnerability can be mitigated by adding endpoint protections on the master or restricting usage of the vulnerable volume types (for example by constraining usage with a PodSecurityPolicy or third-party admission controller such as Gatekeeper) and restricting StorageClass write permissions through RBAC." } ], "solution": [], "credit": [ { "lang": "eng", "value": "Brice Augras from Groupe-Asten and Christophe Hauquiert from Nokia" } ] }