CVE-2020-8559: URL Redirection to Untrusted Site (Open Redirect)

July 22, 2020 (updated July 27, 2020)

The Kubernetes kube-apiserver is vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise.

References

nvd.nist.gov/vuln/detail/CVE-2020-8559

Code Behaviors & Features

Detect and mitigate CVE-2020-8559 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →