The Kubernetes kube-apiserver in versions v1.6-v1.15, and in versions prior to v1.16.13, v1.17.9 and v1.18.6, is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.
CPE name | Operator | Version |
---|---|---|
kubernetes | ge | 1.18.0 |
kubernetes | lt | 1.18.6 |
kubernetes | ge | 1.6.0 |
kubernetes | le | 1.15.0 |
kubernetes | ge | 1.17.0 |
kubernetes | lt | 1.17.9 |
kubernetes | ge | 1.16.0 |
kubernetes | lt | 1.16.13 |