Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/tabbysable/POC-2020-8559
Proof of Concept exploit for Kubernetes CVE-2020-8559
https://github.com/tabbysable/POC-2020-8559
Last synced: 25 days ago
JSON representation
Proof of Concept exploit for Kubernetes CVE-2020-8559
- Host: GitHub
- URL: https://github.com/tabbysable/POC-2020-8559
- Owner: tabbysable
- License: bsd-2-clause
- Created: 2020-07-22T05:13:01.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2020-07-22T05:30:14.000Z (over 4 years ago)
- Last Synced: 2024-02-15T10:36:17.749Z (10 months ago)
- Language: Shell
- Size: 3.91 KB
- Stars: 20
- Watchers: 2
- Forks: 3
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
- awesome-k8s-security - CVE-2020-8559 PoC - kube-apiserver vulnerable to an unvalidated redirect on proxied upgrade requests (CVEs)
- awesome-hacking-lists - tabbysable/POC-2020-8559 - Proof of Concept exploit for Kubernetes CVE-2020-8559 (Shell)
README
# POC-2020-8559
Exploit for CVE-2020-8559. We steal all the connections to the kubelet using iptables then rewrite the 101 or 302 responses to 307. The 101s are for modern Kubernetes versions, the 302s are for older ones.
We don't have access to the kube-apiserver's x509 cert, so kubelet webhook auth can be a problem. No problem with this kubelet config fragment, which basically re-enables the old-time kubelet-exploit:
```
authentication:
anonymous:
enabled: true
authorization:
mode: AlwaysAllow
```