CVE-2020-8562 in Kubernetesinfo

Zusammenfassung

von MITRE • 01.02.2022

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Kubernetes

Reservieren

03.02.2020

Veröffentlichung

01.02.2022

Moderieren

akzeptiert

Eintrag

VDB-192053

CPE

bereit

EPSS

0.00056

KEV

nein

Aktivitäten

very low

Sektor

Finance, Energy, ...

Quellen

MITREhttps://www.cve.org/CVERecord?id=CVE-2020-8562
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-8562
CVE Detailshttps://www.cvedetails.com/cve/CVE-2020-8562/

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!