CVE-2020-8558

Summary

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetesprior to 1.18.4affected
KubernetesKubernetesprior to 1.17.7affected
KubernetesKubernetesprior to 1.16.11affected
KubernetesKubernetes1.15affected
KubernetesKubernetes1.14affected
KubernetesKubernetes1.13affected
KubernetesKubernetes1.12affected
KubernetesKubernetes1.11affected
KubernetesKubernetes1.10affected
KubernetesKubernetes1.9affected
KubernetesKubernetes1.8affected
KubernetesKubernetes1.7affected
KubernetesKubernetes1.6affected
KubernetesKubernetes1.5affected
KubernetesKubernetes1.4affected
KubernetesKubernetes1.3affected
KubernetesKubernetes1.2affected
KubernetesKubernetes1.1affected

Weaknesses

  • CWE-420: CWE-420 Unprotected Alternate Channel

ADP Enrichment

CVE Program Container

Additional References

References