CVE-2020-8558

Kubernetes node setting allows for neighboring hosts to bypass localhost boundary

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.

Se encontró que los componentes Kubelet y kube-proxy en las versiones 1.1.0-1.16.10, 1.17.0-1.17.6 y 1.18.0-1.18.3, contienen un problema de seguridad que permite a los hosts adyacentes alcanzar los servicios TCP y UDP vinculados a la versión 127.0.0.1, que se ejecutan en el nodo o en el espacio de nombres de red del nodo. Dicho servicio se considera generalmente que puede ser alcanzado solo por otros procesos en el mismo host, pero debido a esta defensa, podrían ser alcanzados por otros hosts en la misma LAN que el nodo o por contenedores que se ejecutan en el mismo nodo que el servicio

A flaw was found in Kubernetes that allows attackers on adjacent networks to reach services exposed on localhost ports, previously thought to be unreachable. This flaw allows an attacker to gain privileges or access confidential information for any services listening on localhost ports that are not protected by authentication.

*Credits: János Kövér, Ericsson, Additional impacts reported by Rory McCune, NCC Group and Yuval Avrahami and Ariel Zelivansky, Palo Alto Networks

CVSS Scores

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Adjacent

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-02-03 CVE Reserved
2020-07-13 CVE Published
2023-11-30 EPSS Updated
2024-09-16 CVE Updated
2024-09-16 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-300: Channel Accessible by Non-Endpoint
CWE-420: Unprotected Alternate Channel

CAPEC

References (5)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20200821-0001	Third Party Advisory

URL	Date	SRC
https://github.com/kubernetes/kubernetes/issues/92315	2024-09-16
https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ	2024-09-16

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2020-8558	2020-08-05
https://bugzilla.redhat.com/show_bug.cgi?id=1843358	2020-08-05

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Kubernetes Search vendor "Kubernetes"		Kubernetes Search vendor "Kubernetes" for product "Kubernetes"				>= 1.1.0 <= 1.16.10 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.1.0 <= 1.16.10"		-		Affected
Kubernetes Search vendor "Kubernetes"		Kubernetes Search vendor "Kubernetes" for product "Kubernetes"				>= 1.17.0 <= 1.17.6 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.17.0 <= 1.17.6"		-		Affected
Kubernetes Search vendor "Kubernetes"		Kubernetes Search vendor "Kubernetes" for product "Kubernetes"				>= 1.18.0 <= 1.18.3 Search vendor "Kubernetes" for product "Kubernetes" and version " >= 1.18.0 <= 1.18.3"		-		Affected