CVE-2020-8558

Priority
Description
The Kubelet and kube-proxy components in versions 1.1.0-1.16.10,
1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue
which allows adjacent hosts to reach TCP and UDP services bound to
127.0.0.1 running on the node or in the node's network namespace. Such a
service is generally thought to be reachable only by other processes on the
same host, but due to this defeect, could be reachable by other hosts on
the same LAN as the node, or by containers running on the same node as the
service.
Notes
leosilvakubernates is in fact a kubernetes installer
that calls snap, not the package it self.
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):needs-triage
More Information

Updated: 2020-08-05 04:14:41 UTC (commit 75ee2efd5b1f4456ca1263baf8c308c5218273da)