CVE-2020-8562 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-8562 REJECTED

As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.

EPSS 0.06% · 17.7th percentile

Risk Scores

EPSS Score

0.06%

17.7th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:22.04:LTS	kubernetes	0, 1.0
Ubuntu:Pro:20.04:LTS	kubernetes	0, 1.0
Ubuntu:24.04:LTS	kubernetes	0, 1.0

Timeline

CVE Published
May 27, 2021 PoC Published
Feb 2, 2022 EPSS Score
Mar 26, 2022 EPSS Score
May 17, 2022 EPSS Score
Jul 8, 2022 EPSS Score
Aug 30, 2022 EPSS Score
Oct 21, 2022 EPSS Score
Dec 12, 2022 EPSS Score
Feb 2, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 27, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2020-8562 third-party-advisory
https://www.openwall.com/lists/oss-security/2021/05/04/8 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-8562 third-party-advisory

Open in Interactive Console →