Privilege Escalation Affecting github.com/kubernetes/apimachinery/pkg/util/proxy Open this link in a new tab package, versions <0.19.0-rc.1
Exploit Maturity
Mature
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-GOLANG-GITHUBCOMKUBERNETESAPIMACHINERYPKGUTILPROXY-590105
-
published
16 Jul 2020
-
disclosed
15 Jul 2020
-
credit
Unknown
Introduced: 15 Jul 2020
CVE-2020-8559 Open this link in a new tabHow to fix?
Upgrade github.com/kubernetes/apimachinery/pkg/util/proxy
to version 0.19.0-rc.1 or higher.
Overview
github.com/kubernetes/apimachinery/pkg/util/proxy is a Package proxy provides transport and upgrade support for proxies.
Affected versions of this package are vulnerable to Privilege Escalation. If an attacker is able to intercept certain requests to the Kubelet, they can send a redirect response that may be followed by a client using the credentials from the original request. This can lead to compromise of other nodes.