CVE-2020-8562

1. Информация о уязвимости

Уязвимость ID: CVE-2020-8562
Компонент, к которому относится уязвимость: kubernetes
Версии, к которым относится уязвимость: 1.18.6, 1.20.2, 1.24.0, 1.25.3, 1.29.1
CVSS V3.0 оценка:
- BaseScore: 3.1 (Низкий)
- Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Краткое описание уязвимости:
В ответ на отчет 2019 года и уязвимость CVE-2020-8555, Kubernetes пытается предотвратить доступ прокси-соединений к локальным или локальным сетям при создании пользовательских соединений с сервисами, падами, узлами или поставщиками сервисов StorageClass. В рамках этой меры Kubernetes выполняет проверку разрешения DNS-имени и проверяет, что ответные IP-адреса не находятся в диапазоне локальной сети (169.254.0.0/16) или локального хоста (127.0.0.0/8). Затем Kubernetes выполняет вторую проверку разрешения DNS без проверки для фактического соединения. Если нестандартный DNS-сервер возвращает разные не кэшированные ответы, пользователь может обойти ограничение IP-адреса прокси и получить доступ к частным сетям на управляющем плане.
Дата публикации уязвимости: 2022-02-01 19:15:10
Дата создания уязвимости: 2022-02-07 22:30:44
Ссылка на подробную информацию о уязвимости:
- https://nvd.nist.gov/vuln/detail/CVE-2020-8562

Дополнительные ссылки (нажмите, чтобы развернуть)

| Источник | Ссылка | Ссылка на источник | | -------- | ------ | ------------------ | | jordan.liggitt.net | https://github.com/jimmidyson/configmap-reload | https://github.com/jimmidyson/configmap-reload | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88444 | https://github.com/kubernetes/kubernetes/pull/88444 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88445 | https://github.com/kubernetes/kubernetes/pull/88445 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88446 | https://github.com/kubernetes/kubernetes/pull/88446 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88447 | https://github.com/kubernetes/kubernetes/pull/88447 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88448 | https://github.com/kubernetes/kubernetes/pull/88448 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88449 | https://github.com/kubernetes/kubernetes/pull/88449 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88450 | https://github.com/kubernetes/kubernetes/pull/88450 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88451 | https://github.com/kubernetes/kubernetes/pull/88451 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88452 | https://github.com/kubernetes/kubernetes/pull/88452 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88453 | https://github.com/kubernetes/kubernetes/pull/88453 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88454 | https://github.com/kubernetes/kubernetes/pull/88454 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88455 | https://github.com/kubernetes/kubernetes/pull/88455 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88456 | https://github.com/kubernetes/kubernetes/pull/88456 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88457 | https://github.com/kubernetes/kubernetes/pull/88457 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88458 | https://github.com/kubernetes/kubernetes/pull/88458 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88459 | https://github.com/kubernetes/kubernetes/pull/88459 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88460 | https://github.com/kubernetes/kubernetes/pull/88460 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88461 | https://github.com/kubernetes/kubernetes/pull/88461 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88462 | https://github.com/kubernetes/kubernetes/pull/88462 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88463 | https://github.com/kubernetes/kubernetes/pull/88463 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88464 | https://github.com/kubernetes/kubernetes/pull/88464 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88465 | https://github.com/kubernetes/kubernetes/pull/88465 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88466 | https://github.com/kubernetes/kubernetes/pull/88466 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88467 | https://github.com/kubernetes/kubernetes/pull/88467 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88468 | https://github.com/kubernetes/kubernetes/pull/88468 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88469 | https://github.com/kubernetes/kubernetes/pull/88469 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88470 | https://github.com/kubernetes/kubernetes/pull/88470 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88471 | https://github.com/kubernetes/kubernetes/pull/88471 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88472 | https://github.com/kubernetes/kubernetes/pull/88472 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88473 | https://github.com/kubernetes/kubernetes/pull/88473 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88474 | https://github.com/kubernetes/kubernetes/pull/88474 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88475 | https://github.com/kubernetes/kubernetes/pull/88475 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88476 | https://github.com/kubernetes/kubernetes/pull/88476 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88477 | https://github.com/kubernetes/kubernetes/pull/88477 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88478 | https://github.com/kubernetes/kubernetes/pull/88478 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88479 | https://github.com/kubernetes/kubernetes/pull/88479 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88480 | https://github.com/kubernetes/kubernetes/pull/88480 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88481 | https://github.com/kubernetes/kubernetes/pull/88481 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88482 | https://github.com/kubernetes/kubernetes/pull/88482 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88483 | https://github.com/kubernetes/kubernetes/pull/88483 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88484 | https://github.com/kubernetes/kubernetes/pull/88484 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88485 | https://github.com/kubernetes/kubernetes/pull/88485 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88486 | https://github.com/kubernetes/kubernetes/pull/88486 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88487 | https://github.com/kubernetes/kubernetes/pull/88487 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88488 | https://github.com/kubernetes/kubernetes/pull/88488 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88489 | https://github.com/kubernetes/kubernetes/pull/88489 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88490 | https://github.com/kubernetes/kubernetes/pull/88490 | | jordan.liggitt.net | https://github.com/kubernetes/kubernetes/pull/88491 | https://github.com/kubernetes/kubernetes/pull/88491 | | jordan.liggitt.netcom/kubernetes/kubernetes/issues/101493 | | | jordan. liggitt. net | https://groups. google. com/g/kubernetes-security-announce/c/-MFX60_wdOY | | | jordan. liggitt. net | https://security. netapp. com/advisory/ntap-20220225-0002/ | | | redhat_bugzilla | https://github. com/kubernetes/kubernetes/issues/101493 | https://bugzilla. redhat. com/show_bug. cgi? id=1954914 | | ubuntu | https://cve. mitre. org/cgi-bin/cvename. cgi? name=CVE-2020-8562 | https://ubuntu. com/security/CVE-2020-8562 | | ubuntu | https://www. openwall. com/lists/oss-security/2021/05/04/8 | https://ubuntu. com/security/CVE-2020-8562 | | ubuntu | https://nvd. nist. gov/vuln/detail/CVE-2020-8562 | https://ubuntu. com/security/CVE-2020-8562 | | ubuntu | https://launchpad. net/bugs/cve/CVE-2020-8562 | https://ubuntu. com/security/CVE-2020-8562 | | ubuntu | https://security-tracker. debian. org/tracker/CVE-2020-8562 | https://ubuntu. com/security/CVE-2020-8562 | | debian | | https://security-tracker. debian. org/tracker/CVE-2020-8562 | | anolis | | https://anas. openanolis. cn/cves/detail/CVE-2020-8562 | | cve_search | | https://groups. google. com/g/kubernetes-security-announce/c/-MFX60_wdOY | | cve_search | | https://github. com/kubernetes/kubernetes/issues/101493 | | cve_search | | https://security. netapp. com/advisory/ntap-20220225-0002/ | | github_advisory | https://groups. google. com/g/kubernetes-security-announce/c/-MFX60_wdOY | https://github. com/advisories/GHSA-qh36-44jv-c8xj | | github_advisory | https://security. netapp. com/advisory/ntap-20220225-0002/ | https://github. com/advisories/GHSA-qh36-44jv-c8xj | | github_advisory | https://nvd. nist. gov/vuln/detail/CVE-2020-8562 | https://github. com/advisories/GHSA-qh36-44jv-c8xj | | github_advisory | https://github. com/kubernetes/kubernetes/issues/101493 | https://github. com/advisories/GHSA-qh36-44jv-c8xj | | go | https://github. com/advisories/GHSA-qh36-44jv-c8xj | https://github. com/golang/vulndb/blob/master/reports/GO-2022-0617. yaml | | go | https://nvd. nist. gov/vuln/detail/CVE-2020-8562 | https://github. com/golang/vulndb/blob/master/reports/GO-2022-0617. yaml | | go | https://github. com/kubernetes/kubernetes/issues/101493 | https://github. com/golang/vulndb/blob/master/reports/GO-2022-0617. yaml | | go | https://github. com/kubernetes/kubernetes/issues/101493#issuecomment-2272095629 | https://github. com/golang/vulndb/blob/master/reports/GO-2022-0617. yaml | | go | https://groups. google. com/g/kubernetes-security-announce/c/-MFX60_wdOY |google.com/g/kubernetes-security-announce/c/-MFX60_wdOY | https://github.com/golang/vulndb/blob/master/reports/GO-2022-0617.yaml | | go | https://security.netapp.com/advisory/ntap-20220225-0002 | https://github.com/golang/vulndb/blob/master/reports/GO-2022-0617.yaml | | osv | https://security.netapp.com/advisory/ntap-20220225-0002/ | https://osv.dev/vulnerability/CVE-2020-8562 | | osv | https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY | https://osv.dev/vulnerability/CVE-2020-8562 | | osv | https://github.com/kubernetes/kubernetes/issues/101493 | https://osv.dev/vulnerability/CVE-2020-8562 |

Представление информации о уязвимостях: https://gitee.com/openeuler/cve-manager/blob/master/cve-vulner-manager/doc/md/manual.md Источник данных о уязвимостях: Другие Информация о патчах:

Подробнее (нажмите для раскрытия)

Влияние на пакет	Версия исправления	Исправительный патч	Патч, введший проблему	Источник
		https://github.com/kubernetes/kubernetes/issues/101493		nvd
		https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY		nvd
		https://security.netapp.com/advisory/ntap-20220225-0002/		nvd

Вторая часть: структура анализа уязвимостей
Анализ влияния:
openEuler оценка:
3.1
Vector: CVSS: 3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Проверка версий, подверженных уязвимости (подвержен/не подвержен):

openEuler-20.03-LTS:
openEuler-20.03-LTS-SP1(1.20.2):
openEuler-20.03-LTS-SP2(1.20.2):
openEuler-20.03-LTS-SP3(1.20.2):
master(1.29.1):
openEuler-22.03-LTS-SP4(1.20.2):
openEuler-24.03-LTS-SP2(1.29.1):

Влияет ли исправление на ABI (да/нет):

openEuler-20.03-LTS:
openEuler-20.03-LTS-SP1(1.20.2):
openEuler-20.03-LTS-SP2(1.20.2):
openEuler-20.03-LTS-SP3(1.20.2):
master(1.29.1):
openEuler-22.03-LTS-SP4(1.20.2):
openEuler-24.03-LTS-SP2(1.29.1):

Пояснение причин:

master(1.29.1):
openEuler-20.03-LTS-SP4(1.20.2):
openEuler-22.03-LTS-SP3(1.20.2):
openEuler-22.03-LTS-SP4(1.20.2):
openEuler-24.03-LTS(1.29.1):
openEuler-24.03-LTS-Next(1.29.1):
openEuler-24.03-LTS-SP1(1.29.1):
openEuler-24.03-LTS-SP2(1.29.1):

OSCHINA-MIRROR/src-openeuler-kubernetes

Опасно

1. Информация о уязвимости

Комментарий (0)

OSCHINA-MIRROR/src-openeuler-kubernetes .gitee-modal { min-width: 500px !important; } .gitee-modal .close { right: 0.6rem !important; }

Опасно

CVE-2020-8562

1. Информация о уязвимости

Комментарий (0)

OSCHINA-MIRROR/src-openeuler-kubernetes