SCA: security update for k8s.io/kubernetes (GHSA-wqv3-8cm6-h6wg)

high Tenable Cloud Security Plugin ID 431980

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were
found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to
127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to
be reachable only by other processes on the same host, but due to this defeect, could be reachable by
other hosts on the same LAN as the node, or by containers running on the same node as the service.
(CVE-2020-8558)

See Also

https://github.com/advisories/GHSA-wqv3-8cm6-h6wg

Plugin Details

Severity: High

ID: 431980

Version: Revision 1.3

Type: Local

Family: SCA Checks

Published: 8/7/2025

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2020-8558

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/15/2022

Vulnerability Publication Date: 4/18/2020

Reference Information

CVE: CVE-2020-8558

cwe: CWE-420