#VU103955 Unprotected Alternate Channel in Kubelet - CVE-2020-8558
Published: February 13, 2025
Vulnerability identifier: #VU103955
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-8558
CWE-ID: CWE-420
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
Kubelet
Software vendor:
Kubernetes
Description
The vulnerability allows an adjacent attacker to reach TCP and UDP services.
The vulnerability exists because the application does not properly control consumption of internal resources. An adjacent attacker can reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defect, it could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.
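To see which services on a node match this description, the following added example (not part of the original advisory) lists IPv4 TCP and UDP sockets bound to loopback addresses by parsing the Linux /proc/net/tcp and /proc/net/udp tables. The function names and the sample rows are constructed for illustration, and a little-endian host is assumed.

```python
import ipaddress
import struct

# Constructed sample rows in /proc/net/tcp and /proc/net/udp format
# (not captured from a real node).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0100007F:A1B2 0100007F:1F90 01 00000000:00000000 00:00000000 00000000     0        0 20003 1
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   0: 3500007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000   101        0 20004 2 0 0
"""

# Socket state column: 0A is TCP_LISTEN; unconnected bound UDP sockets show 07.
WAITING_STATE = {"tcp": "0A", "udp": "07"}


def loopback_listeners(table_text, proto):
    """Return (proto, address, port) for sockets waiting on 127.0.0.0/8."""
    found = []
    for line in table_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != WAITING_STATE[proto]:
            continue
        addr_hex, port_hex = fields[1].split(":")
        # The address is a 32-bit value printed in host byte order
        # (little-endian assumed); the port is plain big-endian hex.
        addr = ipaddress.IPv4Address(struct.pack("<I", int(addr_hex, 16)))
        if addr.is_loopback:
            found.append((proto, str(addr), int(port_hex, 16)))
    return found


def scan_node(paths=(("tcp", "/proc/net/tcp"), ("udp", "/proc/net/udp"))):
    """Read the live tables; they reflect the caller's network namespace."""
    results = []
    for proto, path in paths:
        with open(path) as fh:
            results += loopback_listeners(fh.read(), proto)
    return results


if __name__ == "__main__":
    for entry in loopback_listeners(SAMPLE_TCP, "tcp") + loopback_listeners(SAMPLE_UDP, "udp"):
        print("%s %s:%d" % entry)
```

Run `scan_node()` from the node's own network namespace to inventory the real listeners; each entry is a service that relies on loopback binding as its only access control.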
Remediation
Install updates from vendor's website.