CVE-2020-8557 MEDIUM

CVE-2020-8557: Kubernetes node disk Denial of Service by writing to container /etc/hosts

Vendor: Kubernetes
Product: Kubernetes
Weakness: CWE-400
Published: July 23, 2020
Last update: September 17, 2024

CVSS base score

5.5/10
Attack vector: Local
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 does not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file that the kubelet mounts into a pod is not included by the kubelet eviction manager when it calculates the pod's ephemeral storage usage. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.
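A node-side check for the condition described above, added here as an example and not taken from this record or from the Kubernetes project: it lists kubelet-managed hosts files that have grown past a size threshold. It assumes the default kubelet root /var/lib/kubelet, with each pod's hosts file stored as pods/<pod-uid>/etc-hosts; the function name and the 1 MiB default threshold are illustrative.

```shell
#!/bin/sh
# Added example: flag pods whose kubelet-managed hosts file is abnormally large.
# Assumptions (not stated in the CVE record):
#   - kubelet root directory is /var/lib/kubelet (the default)
#   - each pod's managed hosts file is <root>/pods/<pod-uid>/etc-hosts
#   - a normal hosts file is a few hundred bytes, so 1 MiB is a generous limit

# find_large_etc_hosts [ROOT] [MAX_BYTES]
# Prints one line per offending file: "<bytes> <pod-uid> <path>".
# The body runs in a subshell so its variables do not leak into the caller.
find_large_etc_hosts() (
    root="${1:-/var/lib/kubelet}"
    max_bytes="${2:-1048576}"

    for f in "$root"/pods/*/etc-hosts; do
        # Skip the unexpanded glob (no pods) and anything that is not a file.
        [ -f "$f" ] || continue

        size=$(wc -c < "$f" | tr -d ' ')
        if [ "$size" -gt "$max_bytes" ]; then
            # The parent directory name is the pod UID (metadata.uid).
            uid=$(basename "$(dirname "$f")")
            printf '%s %s %s\n' "$size" "$uid" "$f"
        fi
    done
)

# Usage on a node (needs read access to the kubelet directory):
#   find_large_etc_hosts /var/lib/kubelet 1048576
```

The pod UID in the output matches `metadata.uid` in the pod object, which identifies the workload to investigate.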

Key dates

02 Disclosure timeline

July 23, 2020 CVE published
September 17, 2024 Record updated