21 matches found
RHCOS 4 : OpenShift Container Platform 4.4.32 (RHSA-2021:0030)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0030 advisory. - kubernetes: compromised node could escalate to cluster level privileges CVE-2020-8559 Note that Nessus has not tested for this issue but ha...
Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes.
Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in Golang Go and Kubernetes. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2018-17847 DESCRIPTION: Golang Go is vulnerable to a denial of service, caused by an index out of...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.4.33 bug fix and security update
Red Hat OpenShift Container Platform release 4.4.33 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having ...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2020-8559)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that could enable a privilege escalation from a compromised node CVE-2020-8559 Vulnerability Details CVEID: CVE-2020-8559 Description: Kubernetes kube-apiserver could allow a remote...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.4.32 packages and security update
Red Hat OpenShift Container Platform release 4.4.32 is now available with updates to packages and images that fix several bugs and add enhancements. This release also includes a security update for Red Hat OpenShift Container Platform 4.4. Red Hat Product Security has rated this update as having ...
RHEL 7 / 8 : OpenShift Container Platform 4.4.32 (RHSA-2021:0030)
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:0030 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...
RHEL 7 : OpenShift Container Platform 3.11.346 (RHSA-2020:5363)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5363 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11.346 security and bug fix update
Red Hat OpenShift Container Platform release 3.11.346 is now available with updates to packages and images that fix several bugs. This release includes a security update for Kubernetes for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a securi...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 4.5.21 bug fix and security update
Red Hat OpenShift Container Platform release 4.5.21 is now available with updates to packages and images that fix several bugs. This release includes a security update for openshift-enterprise-hyperkube for Red Hat OpenShift Container Platform 4.5.21. Red Hat Product Security has rated this updat...
Security Bulletin: API Connect is vulnerable to denial of service via Kubernetes (CVE-2020-8557, CVE-2020-8559)
Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-8557 DESCRIPTION: Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the kubelet eviction manager when calculating...
Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8557, CVE-2020-8559)
Summary IBM Cloud Private is vulnerable to Kubernetes vulnerabilities Vulnerability Details CVEID: CVE-2020-8557 DESCRIPTION: Kubernetes kubelet is vulnerable to a denial of service, caused by an issue with not including the /etc/hostsfile file by the kubelet eviction manager when calculating...
Security fix for the ALT Linux 10 package kubernetes version 1.18.6-alt1
July 24, 2020 Mikhail Gordeev 1.18.6-alt1 - 1.18.6 - Fixes: CVE-2020-8559...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes API server security vulnerability (CVE-2020-8559)
Summary IBM Cloud Kubernetes Service is affected by a security vulnerability in the Kubernetes API server that could enable a privilege escalation from a compromised node CVE-2020-8559 Vulnerability Details CVEID: CVE-2020-8559 Description: Kubernetes kube-apiserver could allow a remote...
CVE-2020-8559 vulnerabilities
Vulnerabilities for packages: prometheus-adapter, velero-plugin-for-csi, newrelic-infra-operator, cilium-cli, thanos-operator, secrets-store-csi-driver-provider-aws, pulumi-kubernetes-operator, eksctl, kubernetes-dashboard, glab, kubewatch, datadog-agent, falcoctl, stakater-reloader, cert-exporte...
CVE-2020-8559 vulnerabilities
Vulnerabilities for packages: opentelemetry-collector-contrib, slsa-verifier, cert-manager-fips, postgres-operator-fips, velero-plugin-for-aws-fips, tigera-operator, volume-modifier-for-k8s, local-path-provisioner, helm-operator-fips, nri-kubernetes, dynamic-localpv-provisioner-fips,...
CVE-2020-8559
CVE-2020-8559 : Kubernetes kube-apiserver is vulnerable to an unvalidated redirect on proxied upgrade requests. Affected releases include kube-apiserver v1.6–v1.15, and versions prior to v1.16.13, v1.17.9, and v1.18.6. Exploitation could enable privilege escalation from a node compromise to a ful...
CVE-2020-8559 Privilege escalation from compromised node to cluster
The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise...
Exploit for Open Redirect in Kubernetes
Kubernetes CVE-2020-8559 Proof of Concept PoC Exploit This...
Exploit for Open Redirect in Kubernetes
POC-2020-8559 Exploit for CVE-2020-8559. We steal all the con...
kubernetes security update
1.12.10-1.0.13 - CVE-2020-8559: Privilege escalation from compromised node to cluster - CVE-2020-8557: Node disk DOS by writing to container /etc/hosts...