CVE-2020-8559

MEDIUM

Kubernetes <v1.16.13,v1.17.9,v1.18.6 - Open Redirect

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2020-8559. PoCs published by tdwyer, tabbysable.

AI-analyzed exploit summary This repository provides a functional proof-of-concept exploit for CVE-2020-8559, which allows an attacker with root access on a Kubernetes node to execute commands on other containers in the cluster by leveraging HTTP redirects in the kubelet server. The exploit involves modifying the kubelet binary to send malicious 302 redirects when specific API paths are accessed.

Description

The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

Exploits (2)

nomisec WORKING POC 54 stars

by tdwyer · poc

https://github.com/tdwyer/CVE-2020-8559

View Code ZIP pw:eip

This repository provides a functional proof-of-concept exploit for CVE-2020-8559, which allows an attacker with root access on a Kubernetes node to execute commands on other containers in the cluster by leveraging HTTP redirects in the kubelet server. The exploit involves modifying the kubelet binary to send malicious 302 redirects when specific API paths are accessed.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Kubernetes v1.15.9

Auth required

Prerequisites: Root access on a Kubernetes node · Ability to replace the kubelet binary

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 20 stars

by tabbysable · poc

https://github.com/tabbysable/POC-2020-8559

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2020-8559, which manipulates iptables to intercept and redirect Kubernetes kubelet traffic, bypassing authentication by rewriting HTTP responses. The script uses OpenSSL to ferry TLS connections and modify response codes to achieve unauthorized access.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Kubernetes kubelet (versions affected by CVE-2020-8559)

No auth needed

Prerequisites: Access to a host with iptables and OpenSSL · Kubernetes cluster with vulnerable kubelet configuration

MITRE ATT&CK

T1189 - Drive-by Compromise T1021 - Remote Services

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ

Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://github.com/kubernetes/kubernetes/issues/92914

Third Party Advisory x_refsource_confirm

https://security.netapp.com/advisory/ntap-20200810-0004/

Scores

CVSS v3 6.4

EPSS 0.5120

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-601

Status published

Products (3)

k8s.io/apimachinery 0 - 0.16.13Go

k8s.io/kubernetes 0 - 1.16.13Go

kubernetes/kubernetes 1.6.0 - 1.15.0

Published Jul 22, 2020

Tracked Since Feb 18, 2026