VDB

CVE-2020-8559

CVE-2020-8559 REJECTED

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

EPSS 51.20% · 97.9th percentile

Risk Scores

EPSS Score
51.20%
97.9th percentile

Affected Products

VendorProductVersions
Ubuntu:24.04:LTSkubernetes0, 1.0
Ubuntu:Pro:20.04:LTSkubernetes1.0, 0
Ubuntu:22.04:LTSkubernetes0, 1.0

Timeline

  • CVE Published
  • Oct 30, 2020 PoC Published
  • Apr 14, 2021 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Mar 27, 2025 EPSS Score
  • Mar 28, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Apr 13, 2025 EPSS Score
  • May 1, 2025 EPSS Score
  • May 4, 2025 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›