{"id":"CVE-2020-8559","details":"The Kubernetes kube-apiserver in versions v1.6-v1.15, and in versions prior to v1.16.13, v1.17.9 and v1.18.6, is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.","aliases":["GHSA-33c5-9fx5-fvjm","GO-2024-2748"],"modified":"2026-03-14T10:36:03.694166Z","published":"2020-07-22T14:15:16.517Z","related":["CGA-wfgx-x98f-7jmq"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20200810-0004/"},{"type":"FIX","url":"https://github.com/kubernetes/kubernetes/issues/92914"},{"type":"EVIDENCE","url":"https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes/kubernetes","events":[{"introduced":"fff5156092b56e6bd60fff75aad4dc9de6b6ef37"},{"last_affected":"e8462b5b5dc2584fdcd18e6bcfe9f1e4d970a529"},{"introduced":"2bd9643cee5b3b3a5ecbd3af49d09018f0773c77"},{"fixed":"39a145ca3413079bcb9c80846488786fed5fe1cb"},{"introduced":"70132b0f130acc0bed193d9ba59dd186f0e634cf"},{"fixed":"4fb7ed12476d57b8437ada90b4f93b17ffaeed99"},{"introduced":"9e991415386e4cf155a24b1da15becaa390438d8"},{"fixed":"dff82dc0de47299ab66c83c626e08b245ab19037"}],"database_specific":{"versions":[{"introduced":"1.6.0"},{"last_affected":"1.15.0"},{"introduced":"1.16.0"},{"fixed":"1.16.13"},{"introduced":"1.17.0"},{"fixed":"1.17.9"},{"introduced":"1.18.0"},{"fixed":"1.18.6"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-8559.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"}]}