8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
45.7%
A security issue was discovered in the Kubelet and kube-proxy components of Kubernetes which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node’s network namespace. For example, if a cluster administrator runs a TCP service on a node that listens on 127.0.0.1:1234, because of this bug, that service would be potentially reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service. If the example service on port 1234 required no additional authentication (because it assumed that only other localhost processes could reach it), then it could be vulnerable to attacks that make use of this bug.
CPE | Name | Operator | Version |
---|---|---|---|
k8s.io/kubernetes | lt | 1.16.11 | |
k8s.io/kubernetes | lt | 1.17.7 | |
k8s.io/kubernetes | lt | 1.18.4 |
bugzilla.redhat.com/show_bug.cgi?id=1843358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558
github.com/advisories/GHSA-wqv3-8cm6-h6wg
github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg
github.com/kubernetes/kubernetes/issues/92315
github.com/tabbysable/POC-2020-8558
groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ
groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE
labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation
nvd.nist.gov/vuln/detail/CVE-2020-8558
security.netapp.com/advisory/ntap-20200821-0001/
www.openwall.com/lists/oss-security/2020/07/08/1
8.8 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
5.8 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
45.7%