CVE-2020-8559 PoC — Kubernetes kube-apiserver Input Validation Error Vulnerability

Associated Vulnerability
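Title: Kubernetes kube-apiserver Input Validation Error Vulnerability (CVE-2020-8559)
Description: Kubernetes (K8s) is an open-source system from the Cloud Native Computing Foundation for automating the deployment, scaling and management of containerized applications. An input validation error vulnerability exists in Kubernetes kube-apiserver. An attacker can exploit it to escalate privileges. The following products and versions are affected: Kubernetes kube-apiserver v1.6 through v1.15, versions before v1.16.13, versions before v1.17.9, and versions before v1.18.6.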
Description
Proof of Concept exploit for Kubernetes CVE-2020-8559
Readme
# POC-2020-8559

Exploit for CVE-2020-8559. We steal all the connections to the kubelet using iptables, then rewrite the 101 or 302 responses to 307. The 101s are for modern Kubernetes versions; the 302s are for older ones.

We don't have access to the kube-apiserver's x509 cert, so kubelet webhook auth can be a problem. This kubelet config fragment gets around it by allowing anonymous requests and authorizing everything, which basically re-enables the old-time kubelet exploit:

```
authentication:
  anonymous:
    enabled: true
authorization:
  mode: AlwaysAllow
```
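From the defender's side, the two things this page gives you to check are the kubelet settings in the fragment above and the affected kube-apiserver versions in the description. The following is an added example, not part of the PoC repository: the function names and the small YAML reader (nested mappings of scalars only) are assumptions made for illustration, and the hardened sample is constructed.

```python
import re

FIXED_PATCH = {16: 13, 17: 9, 18: 6}  # first fixed patch per minor, from this page

def apiserver_affected(version):
    """True if a kube-apiserver version is in the affected ranges listed on this page."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    major, minor, patch = map(int, m.groups())
    if major != 1:
        return False
    if 6 <= minor <= 15:  # no fixed release is listed for these minors
        return True
    return minor in FIXED_PATCH and patch < FIXED_PATCH[minor]

def parse_nested_yaml(text):
    """Minimal reader: nested mappings of scalars only, enough for this fragment."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) pairs, innermost last
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:  # climb back out to the parent mapping
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip().strip("\"'")
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def audit_kubelet_config(text):
    """Return findings for the two settings the README fragment sets."""
    cfg = parse_nested_yaml(text)
    findings = []
    anon = cfg.get("authentication", {}).get("anonymous", {}).get("enabled", "")
    if str(anon).lower() == "true":
        findings.append("authentication.anonymous.enabled is true")
    if cfg.get("authorization", {}).get("mode") == "AlwaysAllow":
        findings.append("authorization.mode is AlwaysAllow")
    return findings

WEAK = "authentication:\n  anonymous:\n    enabled: true\nauthorization:\n  mode: AlwaysAllow\n"
HARDENED = "authentication:\n  anonymous:\n    enabled: false\n  webhook:\n    enabled: true\nauthorization:\n  mode: Webhook\n"  # constructed
print(audit_kubelet_config(WEAK), apiserver_affected("v1.17.8"))
```

A kubelet that reports either finding accepts unauthenticated requests regardless of this CVE, so it is worth flagging on its own.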
File Snapshot

```
[4.0K] /data/pocs/3deb284df08027d41d355a40c142fdf8cc58f44f
├── [1.2K] LICENSE.txt
├── [6.9K] poc-2020-8559.sh
└── [ 516] README.md

0 directories, 3 files
```