Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-8558
HistoryJul 27, 2020 - 12:00 a.m.

CVE-2020-8558

2020-07-2700:00:00
ubuntu.com
ubuntu.com
14

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

46.4%

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10,
1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue
which allows adjacent hosts to reach TCP and UDP services bound to
127.0.0.1 running on the node or in the node’s network namespace. Such a
service is generally thought to be reachable only by other processes on the
same host, but due to this defeect, could be reachable by other hosts on
the same LAN as the node, or by containers running on the same node as the
service.

Notes

Author Note
leosilva kubernates is in fact a kubernetes installer that calls snap, not the package it self.

CVSS2

5.8

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

46.4%