Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2020-8558

MEDIUM
Published 2020-07-27T19:55:19.321721Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2020-8558. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
5.4
/10
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.251
probability
of exploitation in the wild

There is a 25.1% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.959
Higher than 95.9% of all CVEs

Attack Vector Metrics

Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED

Impact Metrics

Confidentiality
LOW
Integrity
LOW
Availability
NONE

Description

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

Kubernetes

Kubernetes

Affected Versions:

prior to 1.18.4 prior to 1.17.7 prior to 1.16.11 1.15 1.14 1.13 1.12 1.11 1.10 1.9 1.8 1.7 1.6 1.5 1.4 1.3 1.2 1.1

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed HIGH

Improper Authentication in Kubernetes

GHSA-wqv3-8cm6-h6wg

Advisory Details

A security issue was discovered in the Kubelet and kube-proxy components of Kubernetes which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. For example, if a cluster administrator runs a TCP service on a node that listens on 127.0.0.1:1234, because of this bug, that service would be potentially reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service. If the example service on port 1234 required no additional authentication (because it assumed that only other localhost processes could reach it), then it could be vulnerable to attacks that make use of this bug.

Affected Packages

Go k8s.io/kubernetes
ECOSYSTEM: ≥1.18.0 <1.18.4
Go k8s.io/kubernetes
ECOSYSTEM: ≥1.17.0 <1.17.7
Go k8s.io/kubernetes
ECOSYSTEM: ≥0 <1.16.11

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

WEB https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2020-8558
WEB https://github.com/kubernetes/kubernetes/issues/92315
WEB https://bugzilla.redhat.com/show_bug.cgi?id=1843358
WEB https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558
PACKAGE https://github.com/kubernetes/kubernetes
WEB https://github.com/tabbysable/POC-2020-8558
WEB https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ
WEB https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE
WEB https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation
WEB https://security.netapp.com/advisory/ntap-20200821-0001
WEB https://www.openwall.com/lists/oss-security/2020/07/08/1

Advisory provided by GitHub Security Advisory Database. Published: February 15, 2022, Modified: January 6, 2023

References

https://github.com/kubernetes/kubernetes/issues/92315
https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ
https://security.netapp.com/advisory/ntap-20200821-0001/
Published: 2020-07-27T19:55:19.321721Z
Last Modified: 2024-09-16T22:40:40.949Z
Copied to clipboard!