VDB
RHSA-2020%3A2449
RHSA-2020%3A2449
PUBLISHED
CVSS 6.300000190734863 MEDIUM
A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the kube-apiserver through the unauthenticated localhost port (if enabled).
Risk Scores
CVSS 3.1
6.300000190734863
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-hyperkube@sha256:200044e6cdf56f067c1aaace4fde3215593e3e3152ff8600527077d35adc8d4e_ppc64le as a component of Red Hat OpenShift Container Platform 4.4 | openshift4/ose-hyperkube@sha256:200044e6cdf56f067c1aaace4fde3215593e3e3152ff8600527077d35adc8d4e_ppc64le |
| Red Hat | openshift4/ose-hyperkube@sha256:ec018bd232f6555bd7ce9e1c63cf4b19c95576c40e9868f2b9eb3127d61180e1_amd64 as a component of Red Hat OpenShift Container Platform 4.4 | openshift4/ose-hyperkube@sha256:ec018bd232f6555bd7ce9e1c63cf4b19c95576c40e9868f2b9eb3127d61180e1_amd64 |
| Red Hat | openshift4/ose-hyperkube@sha256:1654cacf069e4ce3ab874df3a90d6e93e6b8ead14e24924bf5115c143d566bcd_s390x as a component of Red Hat OpenShift Container Platform 4.4 | * |
Timeline
- Jun 17, 2020 CVE Published
- Nov 21, 2025 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2020:2449 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1821583 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_2449.json advisory
- https://access.redhat.com/security/cve/CVE-2020-8555 advisory
- https://www.cve.org/CVERecord?id=CVE-2020-8555 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2020-8555 advisory
- https://groups.google.com/forum/#!topic/kubernetes-security-announce/kEK27tqqs30 advisory