Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/openshift@4.3.31-202007280738.p0.git.0.9884401?arch=el7

Type rpm

Namespace redhat

Name openshift

Version 4.3.31-202007280738.p0.git.0.9884401

Qualifiers

arch	el7

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-tc46-9vdm-xudz

vulnerability_id

VCID-tc46-9vdm-xudz

summary

Improper Authentication in Kubernetes
A security issue was discovered in the Kubelet and kube-proxy components of Kubernetes which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. For example, if a cluster administrator runs a TCP service on a node that listens on 127.0.0.1:1234, because of this bug, that service would be potentially reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service. If the example service on port 1234 required no additional authentication (because it assumed that only other localhost processes could reach it), then it could be vulnerable to attacks that make use of this bug.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8558.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8558.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8558

reference_id

reference_type

scores

value	0.20149
scoring_system	epss
scoring_elements	0.95456
published_at	2026-04-01T12:55:00Z

value	0.20149
scoring_system	epss
scoring_elements	0.95493
published_at	2026-04-13T12:55:00Z

value	0.20149
scoring_system	epss
scoring_elements	0.95492
published_at	2026-04-12T12:55:00Z

value	0.20149
scoring_system	epss
scoring_elements	0.9549
published_at	2026-04-11T12:55:00Z

value	0.20149
scoring_system	epss
scoring_elements	0.95485
published_at	2026-04-09T12:55:00Z

value	0.20149
scoring_system	epss
scoring_elements	0.95482
published_at	2026-04-08T12:55:00Z

value	0.20149
scoring_system	epss
scoring_elements	0.95476
published_at	2026-04-07T12:55:00Z

value	0.20149
scoring_system	epss
scoring_elements	0.95472
published_at	2026-04-04T12:55:00Z

value	0.20149
scoring_system	epss
scoring_elements	0.95466
published_at	2026-04-02T12:55:00Z

value	0.20149
scoring_system	epss
scoring_elements	0.95509
published_at	2026-04-21T12:55:00Z

value	0.20149
scoring_system	epss
scoring_elements	0.95506
published_at	2026-04-18T12:55:00Z

value	0.20149
scoring_system	epss
scoring_elements	0.95501
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8558

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1843358

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1843358

reference_url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8558

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/bottlerocket-os/bottlerocket/security/advisories/GHSA-wqv3-8cm6-h6wg

reference_url

https://github.com/kubernetes/kubernetes

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/kubernetes/kubernetes

reference_url

https://github.com/kubernetes/kubernetes/issues/92315

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/kubernetes/kubernetes/issues/92315

reference_url

https://github.com/tabbysable/POC-2020-8558

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/tabbysable/POC-2020-8558

reference_url

https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ

reference_url

https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/kubernetes-security-announce/c/B1VegbBDMTE

reference_url

https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://labs.bishopfox.com/tech-blog/bad-pods-kubernetes-pod-privilege-escalation

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8558

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8558

reference_url

https://security.netapp.com/advisory/ntap-20200821-0001

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200821-0001

reference_url

https://www.openwall.com/lists/oss-security/2020/07/08/1

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.openwall.com/lists/oss-security/2020/07/08/1

reference_url	https://access.redhat.com/errata/RHSA-2020:2412
reference_id	RHSA-2020:2412
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2412

reference_url	https://access.redhat.com/errata/RHSA-2020:2413
reference_id	RHSA-2020:2413
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2413

reference_url	https://access.redhat.com/errata/RHSA-2020:2926
reference_id	RHSA-2020:2926
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2926

reference_url	https://access.redhat.com/errata/RHSA-2020:2927
reference_id	RHSA-2020:2927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2927

reference_url	https://access.redhat.com/errata/RHSA-2020:2992
reference_id	RHSA-2020:2992
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2992

reference_url	https://access.redhat.com/errata/RHSA-2020:3183
reference_id	RHSA-2020:3183
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3183

reference_url	https://access.redhat.com/errata/RHSA-2020:3184
reference_id	RHSA-2020:3184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3184

fixed_packages

aliases

CVE-2020-8558, GHSA-wqv3-8cm6-h6wg

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-tc46-9vdm-xudz

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift@4.3.31-202007280738.p0.git.0.9884401%3Farch=el7

Package Instance