Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/openshift@4.5.0-202007012112.p0.git.0.582d7fc?arch=el7
Type rpm
Namespace redhat
Name openshift
Version 4.5.0-202007012112.p0.git.0.582d7fc
Qualifiers
arch el7
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-37zk-9fax-v7e1
vulnerability_id VCID-37zk-9fax-v7e1
summary
Improper Verification of Cryptographic Signature in golang.org/x/crypto
golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client.
references
0
reference_url http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/156480/Go-SSH-0.0.2-Denial-Of-Service.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9283.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-9283
reference_id
reference_type
scores
0
value 0.18682
scoring_system epss
scoring_elements 0.95285
published_at 2026-04-16T12:55:00Z
1
value 0.18682
scoring_system epss
scoring_elements 0.95277
published_at 2026-04-13T12:55:00Z
2
value 0.18682
scoring_system epss
scoring_elements 0.95275
published_at 2026-04-12T12:55:00Z
3
value 0.18682
scoring_system epss
scoring_elements 0.95274
published_at 2026-04-11T12:55:00Z
4
value 0.18682
scoring_system epss
scoring_elements 0.95269
published_at 2026-04-09T12:55:00Z
5
value 0.18682
scoring_system epss
scoring_elements 0.95266
published_at 2026-04-08T12:55:00Z
6
value 0.18682
scoring_system epss
scoring_elements 0.95259
published_at 2026-04-07T12:55:00Z
7
value 0.18682
scoring_system epss
scoring_elements 0.95254
published_at 2026-04-04T12:55:00Z
8
value 0.18682
scoring_system epss
scoring_elements 0.95251
published_at 2026-04-02T12:55:00Z
9
value 0.18682
scoring_system epss
scoring_elements 0.95239
published_at 2026-04-01T12:55:00Z
10
value 0.18682
scoring_system epss
scoring_elements 0.9529
published_at 2026-04-18T12:55:00Z
11
value 0.18682
scoring_system epss
scoring_elements 0.95292
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-9283
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9283
4
reference_url https://github.com/golang/crypto
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/golang/crypto
5
reference_url https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
6
reference_url https://go.dev/cl/220357
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/220357
7
reference_url https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/crypto/+/bac4c82f69751a6dd76e702d54b3ceb88adab236
8
reference_url https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/golang-announce/3L45YRc91SY
9
reference_url https://groups.google.com/g/golang-announce/c/3L45YRc91SY
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/3L45YRc91SY
10
reference_url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/10/msg00014.html
11
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00027.html
12
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2020/11/msg00031.html
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-9283
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-9283
14
reference_url https://pkg.go.dev/vuln/GO-2020-0012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2020-0012
15
reference_url https://www.exploit-db.com/exploits/48121
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/48121
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1804533
reference_id 1804533
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1804533
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462
reference_id 952462
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952462
18
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py
reference_id CVE-2020-9283
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/48121.py
19
reference_url https://access.redhat.com/errata/RHSA-2020:2412
reference_id RHSA-2020:2412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2412
20
reference_url https://access.redhat.com/errata/RHSA-2020:2413
reference_id RHSA-2020:2413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2413
21
reference_url https://access.redhat.com/errata/RHSA-2020:2789
reference_id RHSA-2020:2789
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2789
22
reference_url https://access.redhat.com/errata/RHSA-2020:2790
reference_id RHSA-2020:2790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2790
23
reference_url https://access.redhat.com/errata/RHSA-2020:2793
reference_id RHSA-2020:2793
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2793
24
reference_url https://access.redhat.com/errata/RHSA-2020:2878
reference_id RHSA-2020:2878
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2878
25
reference_url https://access.redhat.com/errata/RHSA-2020:3078
reference_id RHSA-2020:3078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3078
26
reference_url https://access.redhat.com/errata/RHSA-2020:3369
reference_id RHSA-2020:3369
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3369
27
reference_url https://access.redhat.com/errata/RHSA-2020:3370
reference_id RHSA-2020:3370
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3370
28
reference_url https://access.redhat.com/errata/RHSA-2020:3372
reference_id RHSA-2020:3372
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3372
29
reference_url https://access.redhat.com/errata/RHSA-2020:3414
reference_id RHSA-2020:3414
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3414
30
reference_url https://access.redhat.com/errata/RHSA-2020:3809
reference_id RHSA-2020:3809
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3809
31
reference_url https://access.redhat.com/errata/RHSA-2020:4298
reference_id RHSA-2020:4298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4298
32
reference_url https://access.redhat.com/errata/RHSA-2021:1129
reference_id RHSA-2021:1129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1129
fixed_packages
aliases CVE-2020-9283, GHSA-ffhg-7mh4-33c4
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37zk-9fax-v7e1
1
url VCID-fbzn-vujj-pud5
vulnerability_id VCID-fbzn-vujj-pud5
summary
Excessive Platform Resource Consumption within a Loop in Kubernetes
The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11254.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11254.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11254
reference_id
reference_type
scores
0
value 0.00121
scoring_system epss
scoring_elements 0.31175
published_at 2026-04-21T12:55:00Z
1
value 0.00121
scoring_system epss
scoring_elements 0.31276
published_at 2026-04-11T12:55:00Z
2
value 0.00121
scoring_system epss
scoring_elements 0.31203
published_at 2026-04-18T12:55:00Z
3
value 0.00121
scoring_system epss
scoring_elements 0.31222
published_at 2026-04-16T12:55:00Z
4
value 0.00121
scoring_system epss
scoring_elements 0.31189
published_at 2026-04-13T12:55:00Z
5
value 0.00121
scoring_system epss
scoring_elements 0.31232
published_at 2026-04-12T12:55:00Z
6
value 0.00121
scoring_system epss
scoring_elements 0.312
published_at 2026-04-01T12:55:00Z
7
value 0.00121
scoring_system epss
scoring_elements 0.31327
published_at 2026-04-02T12:55:00Z
8
value 0.00121
scoring_system epss
scoring_elements 0.31368
published_at 2026-04-04T12:55:00Z
9
value 0.00121
scoring_system epss
scoring_elements 0.31188
published_at 2026-04-07T12:55:00Z
10
value 0.00121
scoring_system epss
scoring_elements 0.31241
published_at 2026-04-08T12:55:00Z
11
value 0.00121
scoring_system epss
scoring_elements 0.31272
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11254
2
reference_url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11254
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11254
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48
6
reference_url https://github.com/go-yaml/yaml/pull/555
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/go-yaml/yaml/pull/555
7
reference_url https://github.com/kubernetes/kubernetes/issues/89535
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/89535
8
reference_url https://github.com/kubernetes/kubernetes/pull/87467/commits/b86df2bec4f377afc0ca03482ffad2f0a49a83b8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/pull/87467/commits/b86df2bec4f377afc0ca03482ffad2f0a49a83b8
9
reference_url https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/d/msg/kubernetes-announce/ALL9s73E5ck/4yHe8J-PBAAJ
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11254
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:S/C:N/I:N/A:P
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11254
11
reference_url https://pkg.go.dev/vuln/GO-2020-0036
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2020-0036
12
reference_url https://security.netapp.com/advisory/ntap-20200413-0003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200413-0003
13
reference_url https://security.netapp.com/advisory/ntap-20200413-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200413-0003/
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1819486
reference_id 1819486
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1819486
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
16
reference_url https://access.redhat.com/errata/RHSA-2020:0933
reference_id RHSA-2020:0933
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0933
17
reference_url https://access.redhat.com/errata/RHSA-2020:2412
reference_id RHSA-2020:2412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2412
18
reference_url https://access.redhat.com/errata/RHSA-2020:2413
reference_id RHSA-2020:2413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2413
19
reference_url https://access.redhat.com/errata/RHSA-2020:2479
reference_id RHSA-2020:2479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2479
fixed_packages
aliases CVE-2019-11254, GHSA-wxc4-f4m6-wwqv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fbzn-vujj-pud5
2
url VCID-jwt2-1eqe-qyfq
vulnerability_id VCID-jwt2-1eqe-qyfq
summary kubernetes: credential leak in kube-controller-manager via error messages in mount failure logs and events for AzureFile and CephFS volumes
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11252.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11252.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11252
reference_id
reference_type
scores
0
value 0.00355
scoring_system epss
scoring_elements 0.57729
published_at 2026-04-01T12:55:00Z
1
value 0.00355
scoring_system epss
scoring_elements 0.57813
published_at 2026-04-02T12:55:00Z
2
value 0.00355
scoring_system epss
scoring_elements 0.57833
published_at 2026-04-04T12:55:00Z
3
value 0.00355
scoring_system epss
scoring_elements 0.57808
published_at 2026-04-07T12:55:00Z
4
value 0.00355
scoring_system epss
scoring_elements 0.57863
published_at 2026-04-08T12:55:00Z
5
value 0.00355
scoring_system epss
scoring_elements 0.57864
published_at 2026-04-09T12:55:00Z
6
value 0.00355
scoring_system epss
scoring_elements 0.57881
published_at 2026-04-11T12:55:00Z
7
value 0.00608
scoring_system epss
scoring_elements 0.6974
published_at 2026-04-21T12:55:00Z
8
value 0.00608
scoring_system epss
scoring_elements 0.69723
published_at 2026-04-12T12:55:00Z
9
value 0.00608
scoring_system epss
scoring_elements 0.6971
published_at 2026-04-13T12:55:00Z
10
value 0.00608
scoring_system epss
scoring_elements 0.6975
published_at 2026-04-16T12:55:00Z
11
value 0.00608
scoring_system epss
scoring_elements 0.69759
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11252
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11252
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11252
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1860158
reference_id 1860158
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1860158
5
reference_url https://access.redhat.com/errata/RHSA-2020:2412
reference_id RHSA-2020:2412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2412
6
reference_url https://access.redhat.com/errata/RHSA-2020:2413
reference_id RHSA-2020:2413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2413
fixed_packages
aliases CVE-2019-11252
risk_score 2.6
exploitability 0.5
weighted_severity 5.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwt2-1eqe-qyfq
3
url VCID-tc46-9vdm-xudz
vulnerability_id VCID-tc46-9vdm-xudz
summary
Improper Authentication in Kubernetes
A security issue was discovered in the Kubelet and kube-proxy components of Kubernetes which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. For example, if a cluster administrator runs a TCP service on a node that listens on 127.0.0.1:1234, because of this bug, that service would be potentially reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service. If the example service on port 1234 required no additional authentication (because it assumed that only other localhost processes could reach it), then it could be vulnerable to attacks that make use of this bug.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8558.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8558.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8558
reference_id
reference_type
scores
0
value 0.20149
scoring_system epss
scoring_elements 0.95456
published_at 2026-04-01T12:55:00Z
1
value 0.20149
scoring_system epss
scoring_elements 0.95493
published_at 2026-04-13T12:55:00Z
2
value 0.20149
scoring_system epss
scoring_elements 0.95492
published_at 2026-04-12T12:55:00Z
3
value 0.20149
scoring_system epss
scoring_elements 0.9549
published_at 2026-04-11T12:55:00Z
4
value 0.20149
scoring_system epss
scoring_elements 0.95485
published_at 2026-04-09T12:55:00Z
5
value 0.20149
scoring_system epss
scoring_elements 0.95482
published_at 2026-04-08T12:55:00Z
6
value 0.20149
scoring_system epss
scoring_elements 0.95476
published_at 2026-04-07T12:55:00Z
7
value 0.20149
scoring_system epss
scoring_elements 0.95472
published_at 2026-04-04T12:55:00Z
8
value 0.20149
scoring_system epss
scoring_elements 0.95466
published_at 2026-04-02T12:55:00Z
9
value 0.20149
scoring_system epss
scoring_elements 0.95509
published_at 2026-04-21T12:55:00Z
10
value 0.20149
scoring_system epss
scoring_elements 0.95506
published_at 2026-04-18T12:55:00Z
11
value 0.20149
scoring_system epss
scoring_elements 0.95501
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8558
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1843358
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1843358
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg
6
reference_url https://github.com/kubernetes/kubernetes
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes
7
reference_url https://github.com/kubernetes/kubernetes/issues/92315
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/92315
8
reference_url https://github.com/tabbysable/POC-2020-8558
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/tabbysable/POC-2020-8558
9
reference_url https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ
10
reference_url https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE
11
reference_url https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8558
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8558
13
reference_url https://security.netapp.com/advisory/ntap-20200821-0001
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200821-0001
14
reference_url https://www.openwall.com/lists/oss-security/2020/07/08/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2020/07/08/1
15
reference_url https://access.redhat.com/errata/RHSA-2020:2412
reference_id RHSA-2020:2412
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2412
16
reference_url https://access.redhat.com/errata/RHSA-2020:2413
reference_id RHSA-2020:2413
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2413
17
reference_url https://access.redhat.com/errata/RHSA-2020:2926
reference_id RHSA-2020:2926
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2926
18
reference_url https://access.redhat.com/errata/RHSA-2020:2927
reference_id RHSA-2020:2927
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2927
19
reference_url https://access.redhat.com/errata/RHSA-2020:2992
reference_id RHSA-2020:2992
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2992
20
reference_url https://access.redhat.com/errata/RHSA-2020:3183
reference_id RHSA-2020:3183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3183
21
reference_url https://access.redhat.com/errata/RHSA-2020:3184
reference_id RHSA-2020:3184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:3184
fixed_packages
aliases CVE-2020-8558, GHSA-wqv3-8cm6-h6wg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tc46-9vdm-xudz
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift@4.5.0-202007012112.p0.git.0.582d7fc%3Farch=el7