Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 03:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Oct 2022, 02:41
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo |
12 May 2022, 14:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:* | |
First Time |
Oracle communications Cloud Native Core Policy
|
|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Mar 2022, 17:04
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Patch, Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
First Time |
Oracle communications Cloud Native Core Network Slice Selection Function
Oracle Oracle communications Cloud Native Core Service Communication Proxy |
|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.2.1:*:*:*:*:*:*:* |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 12:55
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6@%3Ccommits.druid.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E - Mailing List, Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942@%3Ccommits.druid.apache.org%3E - Mailing List, Patch, Third Party Advisory |
04 Feb 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Feb 2021, 14:40
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 5.0 |
03 Feb 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Feb 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Jan 2021, 14:16
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 7.5 |
CWE | CWE-863 | |
References | (CONFIRM) https://github.com/kubernetes/kubernetes/issues/97076 - Exploit, Third Party Advisory | |
References | (MLIST) https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8 - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* |
21 Jan 2021, 18:34
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-01-21 17:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-8554
Mitre link : CVE-2020-8554
CVE.ORG link : CVE-2020-8554
JSON object : View
Products Affected
oracle
- communications_cloud_native_core_policy
- communications_cloud_native_core_service_communication_proxy
- communications_cloud_native_core_network_slice_selection_function
kubernetes
- kubernetes
CWE