Vulnerability Report: GO-2022-0885
- CVE-2020-8558, GHSA-wqv3-8cm6-h6wg
- Affects: k8s.io/kubernetes
- Published: Aug 21, 2024
- Modified: Aug 05, 2025
Improper Authentication in Kubernetes in k8s.io/kubernetes
For detailed information about this vulnerability, visit https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg.
Affected Modules
-
PathGo Versions
-
before v1.16.11, from v1.17.0 before v1.17.7, from v1.18.0 before v1.18.4
Aliases
References
- https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg
- https://bugzilla.redhat.com/show_bug.cgi?id=1843358
- https://github.com/kubernetes/kubernetes/issues/92315
- https://github.com/tabbysable/POC-2020-8558
- https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ
- https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE
- https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation
- https://security.netapp.com/advisory/ntap-20200821-0001
- https://www.openwall.com/lists/oss-security/2020/07/08/1
- https://vuln.go.dev/ID/GO-2022-0885.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.