Published: 01/02/2022 Updated: 29/03/2022

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 3.1 | Impact Score: 1.4 | Exploitability Score: 1.6

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

A security issue exists in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components. Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create or modify StorageClass objects and access KubeControllerManager logs.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kubernetes kubernetes
kubernetes kubernetes 1.21.0

Debian Bug report logs - #990793 kubernetes: CVE-2020-8554 CVE-2020-8562 CVE-2021-25735 CVE-2021-25737 Package: src:kubernetes; Maintainer for src:kubernetes is Janos Lenart <ocsi@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Wed, 7 Jul 2021 15:48:02 UTC Severity: important Tags: security, upst ...

A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create or modify StorageClass objects and access KubeContro ...

CWE-367 https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY https://github.com/kubernetes/kubernetes/issues/101493 https://security.netapp.com/advisory/ntap-20220225-0002/https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990793 https://access.redhat.com/security/cve/cve-2020-8562

CVE-2020-8562

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect