22 matches found
CVE-2020-8554 vulnerabilities
Vulnerabilities for packages: kubernetes...
CVE-2020-8554 vulnerabilities
Vulnerabilities for packages: kubernetes...
Linux Distros Unpatched Vulnerability : CVE-2020-8554
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to th...
CVE-2020-8554 affecting package python-kubernetes for versions less than 21.7.0-1
CVE-2020-8554 affecting package python-kubernetes for versions less than 21.7.0-1. A patched version of the package is available...
CVE-2020-8554 affecting package python-kubernetes for versions less than 21.7.0-1
CVE-2020-8554 affecting package python-kubernetes for versions less than 21.7.0-1. A patched version of the package is available...
CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-2
CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-2. A patched version of the package is available...
CBL Mariner 2.0 Security Update: kubernetes (CVE-2020-8554)
The version of kubernetes installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-8554 advisory. - Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set...
CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-1
CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-1. A patched version of the package is available...
CVE-2020-8554 affecting package kubernetes 1.22.6-4
CVE-2020-8554 affecting package kubernetes 1.22.6-4. A patched version of the package is available...
Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8554)
Summary IBM Cloud Private is vulnerable to Kubernetes vulnerabilities Vulnerability Details CVEID: CVE-2020-8554 DESCRIPTION: Kubernetes could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw when using LoadBalancer or ExternalIPs. By using man-in-the-middle...
Security Bulletin: IBM Cloud Kubernetes Service is affected by a Kubernetes security vulnerability (CVE-2020-8554)
Summary IBM Cloud Kubernetes Service is affected by a Kubernetes security vulnerability that could allow a malicious user to intercept traffic from other pods or nodes in the cluster CVE-2020-8554 Vulnerability Details CVEID: CVE-2020-8554 Description: Kubernetes could allow a remote authenticate...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes security vulnerability (CVE-2020-8554)
Summary Red Hat OpenShift on IBM Cloud is affected by a Kubernetes security vulnerability that could allow a malicious user to intercept traffic from other pods or nodes in the cluster CVE-2020-8554 Vulnerability Details CVEID: CVE-2020-8554 Description: Kubernetes could allow a remote...
Oracle Linux 7 : olcne (ELSA-2021-9029)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9029 advisory. - Address CVE-2020-28914 kata - Address CVE-2020-28914 kubernetes - Kata CVE-2020-28914 olcne - Address CVE-2020-28914: An improper file permissions...
Oracle Linux 7 / 8 : olcne (ELSA-2021-9028)
The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9028 advisory. - Kata CVE-2020-28914 kata-proxy - Address CVE-2020-28914: An improper file permissions vulnerability affects Kata Containers prior to 1.11.5 -...
AZL-35135 CVE-2020-8554 affecting package python-kubernetes for versions less than 21.7.0-1
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
AZL-34893 CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-2
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
CVE-2020-8554 affects the Kubernetes API server by allowing an attacker who can create a ClusterIP service with a crafted spec.externalIPs to intercept traffic to that IP, and by abusing privileged status.patch on a LoadBalancer service to set status.loadBalancer.ingress.ip. The issue is rooted i...
CVE-2020-8554 Kubernetes man in the middle using LoadBalancer or ExternalIPs
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11.374 bug fix and security update
Red Hat OpenShift Container Platform release 3.11.374 is now available with updates to packages and images that fix several bugs. This release also includes a security update for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact ...