CVE-2020-8558 — Unprotected Alternate Channel in Kubernetes

CWE-420 — Unprotected Alternate Channel CWE-300 — Channel Accessible by Non-Endpoint12 documents8 sources

Severity

8.8HIGHNVD

CNA5.4

EPSS

20.1%

top 4.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Kubernetes K8s.io Kubernetes

Timeline

PublishedJul 27

Latest updateAug 21

Description

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the…

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶Gok8s.io/kubernetes1.18.0 — 1.18.4+2

▶Debiankubernetes/kubernetes< 1.18.5-1+3

▶NVDkubernetes/kubernetes1.1.0 — 1.16.10+2

▶CVEListV5kubernetes/kubernetes18 versions+17

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

Improper Authentication in Kubernetes in k8s.io/kubernetes↗2024-08-21

▶

GHSA

Improper Authentication in Kubernetes↗2022-02-15

▶

OSV

Improper Authentication in Kubernetes↗2022-02-15

▶

OSV

CVE-2020-8558: The Kubelet and kube-proxy components in versions 1↗2020-07-27

▶

CVEList

Kubernetes node setting allows for neighboring hosts to bypass localhost boundary↗2020-07-27

▶

📋Vendor Advisories

Red Hat

kubernetes: node localhost services reachable via martian packets↗2020-07-08

▶

Debian

CVE-2020-8558: kubernetes - The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, ...↗2020

▶

🕵️Threat Intelligence

Unit42

Kubernetes Vulnerability Puts Clusters at Risk of Takeover (CVE-2020-8558)↗2020-07-27

▶

Unit42

Kubernetes Vulnerability Puts Clusters at Risk of Takeover (CVE-2020-8558)↗2020-07-27

▶

💬Community

Bugzilla

CVE-2020-8558 origin: kubernetes: node localhost services reachable via martian packets [fedora-all]↗2020-07-15

▶

Bugzilla

CVE-2020-8558 kubernetes: node localhost services reachable via martian packets↗2020-06-03

▶