CVE-2020-8554
Published: 21 January 2021
Summary
CVE-2020-8554 is a medium-severity Unverified Ownership (CWE-283) vulnerability in Kubernetes Kubernetes. Its CVSS base score is 6.3 (Medium).
Operationally, ranked in the top 3.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-1072
Vulnerability details
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which…
more
is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
- CWE(s)
Related Threats
Threat-Actor AttributionAI
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.