CVE-2020-8559 Vulnerability Notice
The Huawei Cloud CCI team noticed the Kubernetes security vulnerability CVE-2020-8559 on July 22. After detailed analysis, the team found that the vulnerability has no impact on users or CCI services and does not need to be handled.
Vulnerability Details
Kubernetes recently disclosed the security vulnerability CVE-2020-8559 in the kube-apiserver component, with a CVSS rating of Medium (6.4), vector CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H.
Vulnerability brief: An attacker can intercept certain upgrade requests sent to the kubelet of a node and forward them to other target nodes, using the original access credentials in the requests. This can lead to privilege escalation.
Reference link: https://github.com/kubernetes/kubernetes/issues/92914
How Do I Determine Whether a Cluster Is Affected?
A cluster is affected if it uses one of the following versions:
- kube-apiserver v1.18.0–v1.18.5
- kube-apiserver v1.17.0–v1.17.8
- kube-apiserver v1.16.0–v1.16.12
- kube-apiserver versions earlier than v1.16.0
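One way to run this version check, as an added example that is not part of the original notice: it assumes the server version is read from `kubectl version -o json` (field `serverVersion.gitVersion`), and the function names and sample output are constructed for illustration. A match only means the cluster runs a version in the list above.

```python
import json
import re

# Highest affected patch release per minor line, as listed in this notice.
AFFECTED_MAX_PATCH = {(1, 18): 5, (1, 17): 8, (1, 16): 12}
# Every version earlier than v1.16.0 is listed as affected.
FIRST_LISTED_MINOR = (1, 16)

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_git_version(git_version):
    """Return (major, minor, patch); vendor suffixes such as '-r0' are ignored."""
    m = _VERSION_RE.match(git_version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {git_version!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(git_version):
    """True if the kube-apiserver version falls in a range listed above."""
    major, minor, patch = parse_git_version(git_version)
    if (major, minor) < FIRST_LISTED_MINOR:
        return True
    max_patch = AFFECTED_MAX_PATCH.get((major, minor))
    return max_patch is not None and patch <= max_patch


def server_version_from_kubectl(raw_json):
    """Extract serverVersion.gitVersion from `kubectl version -o json` output."""
    doc = json.loads(raw_json)
    server = doc.get("serverVersion")
    if not server or "gitVersion" not in server:
        # kubectl omits serverVersion when it cannot reach the API server;
        # the client version must not be used as a substitute.
        raise ValueError("no serverVersion in kubectl output")
    return server["gitVersion"]


# Constructed sample output, not taken from a real cluster.
SAMPLE = ('{"clientVersion": {"gitVersion": "v1.19.0"}, '
          '"serverVersion": {"gitVersion": "v1.17.8-r0"}}')

if __name__ == "__main__":
    version = server_version_from_kubectl(SAMPLE)
    verdict = "affected" if is_affected(version) else "not in the affected list"
    print(f"kube-apiserver {version}: {verdict}")
```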
Vulnerability Analysis Results
The CCI service is not affected by this vulnerability. The reason is as follows:
CCI workloads are deployed on clusters of Kubernetes v1.15, and the container network is based on the user's VPC. No user can access nodes or intercept kubelet requests. Therefore, nodes will not be attacked.