CVE-2020-8558

Published: Jul 27, 2020

Modified: Sep 16, 2024

PUBLISHED

CVSS v3.1

5.4

MEDIUM

Description

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.

Vendor	Product	Versions
Kubernetes	Kubernetes	affected `prior to 1.18.4` affected `prior to 1.17.7` affected `prior to 1.16.11` affected `1.15` affected `1.14` +13 more versions

Weaknesses (CWE)

CWE-420

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/kubernetes/kubernetes/issues/92315

x_refsource_CONFIRM

[Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary

mailing-list

x_refsource_MLIST

https://security.netapp.com/advisory/ntap-20200821-0001/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-8558

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References