Vulnerability Details : CVE-2020-8558
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.
Products affected by CVE-2020-8558
- cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
- cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-8558
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-8558
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.8
|
MEDIUM | AV:A/AC:L/Au:N/C:P/I:P/A:P |
6.5
|
6.4
|
NIST | |
5.4
|
MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
2.8
|
2.5
|
Kubernetes | |
8.8
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2020-8558
-
The product protects a primary channel, but it does not use the same level of protection for an alternate channel.Assigned by: jordan@liggitt.net (Secondary)
References for CVE-2020-8558
-
https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ
Inloggen - Google AccountsExploit;Mailing List;Mitigation;Third Party Advisory
-
https://github.com/kubernetes/kubernetes/issues/92315
CVE-2020-8558: Node setting allows for neighboring hosts to bypass localhost boundary · Issue #92315 · kubernetes/kubernetes · GitHubExploit;Mitigation;Patch;Third Party Advisory
-
https://security.netapp.com/advisory/ntap-20200821-0001/
CVE-2020-8558 Kubernetes Vulnerability in NetApp Products | NetApp Product SecurityThird Party Advisory
Jump to