Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/tabbysable/POC-2020-8559

Proof of Concept exploit for Kubernetes CVE-2020-8559
https://github.com/tabbysable/POC-2020-8559

Last synced: 25 days ago
JSON representation

Proof of Concept exploit for Kubernetes CVE-2020-8559

Host: GitHub
URL: https://github.com/tabbysable/POC-2020-8559
Owner: tabbysable
License: bsd-2-clause
Created: 2020-07-22T05:13:01.000Z (over 4 years ago)
Default Branch: main
Last Pushed: 2020-07-22T05:30:14.000Z (over 4 years ago)
Last Synced: 2024-02-15T10:36:17.749Z (10 months ago)
Language: Shell
Size: 3.91 KB
Stars: 20
Watchers: 2
Forks: 3
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE.txt

Awesome Lists containing this project

awesome-k8s-security - CVE-2020-8559 PoC - kube-apiserver vulnerable to an unvalidated redirect on proxied upgrade requests (CVEs)
awesome-hacking-lists - tabbysable/POC-2020-8559 - Proof of Concept exploit for Kubernetes CVE-2020-8559 (Shell)

README

# POC-2020-8559

Exploit for CVE-2020-8559. We steal all the connections to the kubelet using iptables then rewrite the 101 or 302 responses to 307. The 101s are for modern Kubernetes versions, the 302s are for older ones.

We don't have access to the kube-apiserver's x509 cert, so kubelet webhook auth can be a problem. No problem with this kubelet config fragment, which basically re-enables the old-time kubelet-exploit:

```
authentication:
anonymous:
enabled: true
authorization:
mode: AlwaysAllow
```