CVE-2020-8562 in Kubernetesinformation

Résumé

par MITRE • 01/02/2022

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Kubernetes

Réserver

03/02/2020

Divulgation

01/02/2022

Modérer

accepté

Entrée

VDB-192053

CPE

prêt

EPSS

0.00056

KEV

non

Activités

très faible

Secteur

Insurance, Transportation, ...

Sources

MITREhttps://www.cve.org/CVERecord?id=CVE-2020-8562
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2020-8562
CVE Detailshttps://www.cvedetails.com/cve/CVE-2020-8562/

PrécédentAperçuSuivant

Do you know our Splunk app?

Download it now for free!