Vulnerability Name: CVE-2020-8558 (CCN-184769)
Assigned: 2020-07-08
Published: 2020-07-08
Updated: 2022-01-01
Summary: The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.
CVSS v3 Severity:
8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
4.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
5.8 Medium (CVSS v2 Vector: AV:A/AC:L/Au:N/C:P/I:P/A:P)
Vulnerability Type: CWE-287
Vulnerability Consequences: Bypass Security
References:
Source: MITRE Type: CNA CVE-2020-8558
Source: XF Type: UNKNOWN kubernetes-cve20208558-sec-bypass(184769)
Source: CCN Type: kubernetes GIT Repository CVE-2020-8558: Node setting allows for neighboring hosts to bypass localhost boundary #92315
Source: CONFIRM Type: Exploit, Mitigation, Patch, Third Party Advisory https://github.com/kubernetes/kubernetes/issues/92315
Source: MLIST Type: Exploit, Mailing List, Mitigation, Third Party Advisory [Security Advisory] CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary
Source: CCN Type: oss-sec Mailing List, Wed, 8 Jul 2020 10:00:00 -0600 CVE-2020-8558: Kubernetes: Node setting allows for neighboring hosts to bypass localhost boundary
Source: CONFIRM Type: Third Party Advisory https://security.netapp.com/advisory/ntap-20200821-0001/
Source: CCN Type: IBM Security Bulletin 6417467 (Cloud Private) IBM Cloud Private is vulnerable to Kubernetes vulnerabilities
Source: CCN Type: IBM Security Bulletin 6436589 (InfoSphere Information Server) Multiple vulnerabilities in Kubernetes affect IBM InfoSphere Information Server
Source: CCN Type: IBM Security Bulletin 6452959 (Spectrum Discover) Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover
Source: CCN Type: WhiteSource Vulnerability Database CVE-2020-8558
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable