VDB

AWS-2020-002v2

AWS-2020-002v2 PUBLISHED

CVE Identifier: CVE-2020-8558 This is an update for this issue. AWS is aware of a security issue, recently disclosed by the Kubernetes community, affecting Linux container networking (CVE-2020-8558). This issue may allow containers running on the same host, or adjacent hosts (hosts running in the same LAN or layer 2 domain), to reach TCP and UDP services bound to localhost (127.0.0.1). All AWS security controls to maintain isolation between customers in Amazon ECS and Amazon EKS continue to work correctly. This issue presents no risk of cross-account data access. Processes within a container on one host may be able to gain unintended network access to other containers on that same host or on other hosts within the same VPC and subnet. Customer action is required, and steps for immediate mitigation are available at https://github.com/aws/containers-roadmap/issues/976 . All Amazon ECS and Amazon EKS customers should update to the latest AMI. AWS Fargate AWS Fargate is not affected. No customer action is required. Amazon Elastic Container Service (Amazon ECS) Updated Amazon ECS Optimized AMIs are now available. As a general security best practice, we recommend that ECS customers updat…

Timeline

  • Jul 10, 2020 CVE Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›