Lucene search

[email protected]NVD:CVE-2020-8554

HistoryJan 21, 2021 - 5:15 p.m.

CVE-2020-8554

2021-01-2117:15:13

CWE-283

[email protected]

web.nvd.nist.gov

kubernetes

api server

intercept traffic

clusterip service

loadbalancer

privileged operation

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.3

Confidence

High

EPSS

0.002

Percentile

62.1%

JSON

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

Affected configurations

Nvd

Node

kuberneteskubernetes

Node

oraclecommunications_cloud_native_core_network_slice_selection_functionMatch1.2.1

oraclecommunications_cloud_native_core_policyMatch1.15.0

oraclecommunications_cloud_native_core_service_communication_proxyMatch1.14.0

VendorProductVersionCPE
kuberneteskubernetes*cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_network_slice_selection_function1.2.1cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_policy1.15.0cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*
oraclecommunications_cloud_native_core_service_communication_proxy1.14.0cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
kubernetes	kubernetes	*	cpe:2.3:a:kubernetes:kubernetes::::::::
oracle	communications_cloud_native_core_network_slice_selection_function	1.2.1	cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:::::::*
oracle	communications_cloud_native_core_policy	1.15.0	cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:::::::*
oracle	communications_cloud_native_core_service_communication_proxy	1.14.0	cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:::::::*