Half-Blind SSRF in kube-controller-manager

🗓️ 28 May 2020 16:13:34Reported by Kubernetes Security Response CommitteeType

SSRF in kube-controller-manager leaks up to 500 bytes from the master network via pods using supported volumes.

Reporter	Title	Published	Views	Family All 80
IBM Security Bulletins	Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes controller manager security vulnerability (CVE-2020-8555)	4 Jun 202013:56	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server	1 Apr 202120:53	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	1 Sep 202514:40	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data	29 Jun 202217:05	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities	26 Feb 202114:46	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.	18 Aug 202504:31	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover	13 May 202116:56	–	ibm
IBM Security Bulletins	Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes controller manager security vulnerability (CVE-2020-8555)	21 Jul 202019:34	–	ibm
AlpineLinux	CVE-2020-8555	4 Jun 202021:50	–	alpinelinux
Circl	CVE-2020-8555	2 Jun 202013:13	–	circl

28 May 2020 16:13Current

6.7Medium risk

Vulners AI Score6.7

CVSS 23.5

CVSS 3.16.3

CVSS 36.3

EPSS0.03679