Server-Side Request Forgery (SSRF)
CVE-2020-8555
Summary
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
- HIGH
- NETWORK
- NONE
- CHANGED
- NONE
- LOW
- HIGH
- NONE
CWE-918 - Server-Side Request Forgery (SSRF)
Server-side request forgery (SSRF) is a weakness that allows an attacker to send an arbitrary request, making it appear that the request was sent by the server. This request may bypass a firewall that would normally prevent direct access to the URL. The impact of this vulnerability can vary from unauthorized access to files and sensitive information to remote code execution.
References
Advisory Timeline
- Published