CVE-2020-8554

MEDIUM Year: 2020
CVSS v3 Score
5.0
Medium
CVSS v2 Score
6.0
Medium
Weakness Type
CWE-283
View all →

Vulnerability Description

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

Related Vulnerabilities

CVE-2024-1853

MEDIUM
CVSS:5.5(Medium)

Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers.

CWE-2832024

CVE-2023-30544

MEDIUM
CVSS:4.3(Medium)

Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to c...

CWE-2832023

CVE-2022-29220

MEDIUM
CVSS:6.5(Medium)

github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit cre...

CWE-2832022

CVE-2023-6068

LOW
CVSS:3.1(Low)

On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in som...

CWE-2832023

CVE-2021-24500

HIGH
CVSS:8.1(High)

Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attac...

CWE-2832021

CVE-2021-24501

HIGH
CVSS:8.1(High)

The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting object...

CWE-2832021