CVE-2020-8558 in Kubernetes and Amazon Products
Published on July 27, 2020

Kubernetes node setting allows for neighboring hosts to bypass localhost boundary

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defect, it could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.


Vulnerability Analysis

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

Weakness Type

Unprotected Alternate Channel

The software protects a primary channel, but it does not use the same level of protection for an alternate channel.


Products Associated with CVE-2020-8558


Affected Versions

Kubernetes:

Exploit Probability

EPSS: 21.49%
Percentile: 95.60%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.