Vulnerability Name:

CVE-2020-8554 (CCN-192721)

Assigned: 2020-12-07
Published: 2020-12-07
Updated: 2022-10-29
Summary: The Kubernetes API server in all versions allows an attacker who is able to create a ClusterIP service and set the spec.externalIPs field to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status of a LoadBalancer service (which is considered a privileged operation and should not typically be granted to users) can set status.loadBalancer.ingress.ip to similar effect.
CVSS v3 Severity: 5.0 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
4.4 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
5.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:U/RC:R)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
6.5 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-noinfo
Vulnerability Consequences: Bypass Security
References:
Source: MITRE
Type: CNA
CVE-2020-8554

Source: XF
Type: UNKNOWN
kubernetes-cve20208554-sec-bypass(192721)

Source: CCN
Type: kubernetes GIT Repository
CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs #97076

Source: CONFIRM
Type: Exploit, Third Party Advisory
N/A

Source: CCN
Type: kubernetes GIT Repository
Figure out what to do about external IPs #97110

Source: MLIST
Type: Mailing List, Third Party Advisory
N/A

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[druid-commits] 20210202 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[druid-commits] 20210203 [GitHub] [druid] jihoonson merged pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[druid-commits] 20210201 [GitHub] [druid] jon-wei opened a new pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554

Source: MLIST
Type: Mailing List, Patch, Third Party Advisory
[druid-commits] 20210203 [GitHub] [druid] jihoonson commented on pull request #10826: Address CVE-2020-8570, suppress CVE-2020-8554

Source: CCN
Type: oss-sec Mailing List, Mon, 7 Dec 2020 09:11:48 -0800
[kubernetes] CVE-2020-8554: Man in the middle using LoadBalancer or ExternalIPs

Source: CCN
Type: IBM Security Bulletin 6486063 (Cloud Private)
IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8554)

Source: CCN
Type: IBM Security Bulletin 6599703 (Db2 On Openshift)
Multiple vulnerabilities affect IBM Db2 On Openshift and IBM Db2 and Db2 Warehouse on Cloud Pak for Data

Source: N/A
Type: Patch, Third Party Advisory
N/A

Source: CCN
Type: Oracle CPUApr2022
Oracle Critical Patch Update Advisory - April 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html

Source: CCN
Type: Oracle CPUJan2022
Oracle Critical Patch Update Advisory - January 2022

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-8554

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

Configuration 2:
  • cpe:/a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:kubernetes:kubernetes:-:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:*
  • OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:*

* Denotes that component is vulnerable
    kubernetes kubernetes *
    oracle communications cloud native core network slice selection function 1.2.1
    oracle communications cloud native core service communication proxy 1.14.0
    oracle communications cloud native core policy 1.15.0
    kubernetes kubernetes -
    ibm cloud private 3.2.1 cd
    ibm cloud private 3.2.2 cd