How severe is CVE-2020-8558?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-8558?

This is classified as CWE-420, which is a common weakness in software security.

CVE-2020-8558

HIGH Year: 2020

CVSS v3 Score

8.8

High

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-420

View all →

Vulnerability Description

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.

CVE-2023-4570

HIGH

CVSS:8.8(High)

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be...

CWE-4202023

CVE-2023-28840

HIGH

CVSS:8.7(High)

Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component...

CWE-4202023

CVE-2023-52718

HIGH

CVSS:8.1(High)

A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408) This v...

CWE-4202023

CVE-2023-7266

HIGH

CVSS:8.1(High)

Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605) This vulner...

CWE-4202023

CVE-2024-8038

HIGH

CVSS:7.9(High)

Vulnerable juju introspection abstract UNIX domain socket. An abstract UNIX domain socket responsible for introspection is available without authentication locally to network namespace users. This ena...

CWE-4202024

CVE-2023-20198

CRITICAL

CVSS:10.0(Critical)

Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software...

CWE-4202023

CVE-2020-8558

Vulnerability Description

Related Vulnerabilities

CVE-2023-4570

CVE-2023-28840

CVE-2023-52718

CVE-2023-7266

CVE-2024-8038

CVE-2023-20198