DEBIAN-CVE-2020-8558
Advisory lineage Upstream: 1 Downstream: 0
Upstream
Published: 27 Jul 2020, 20:15
Last modified:28 Apr 2026, 20:21
Vulnerability Summary
Overall Risk (default)
medium
35/100 CVSS Score
8.8 HIGH
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
27 Jul 2020, 20:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:21
Last Modified
Vulnerability information updated
Description
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.
CVSS Metrics
- v3.1•HIGH•Score: 8.8CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Systems
- debian•kubernetes
< 1.18.5-1 | < 1.18.5-1 | < 1.18.5-1 | < 1.18.5-1