CVE-2020-26278 : Security Advisory and Response

Weave Net before version 2.8.0 has a vulnerability that can allow an attacker to take over any host in the cluster due to unnecessary privileges. Learn about the impact, technical details, and mitigation steps.

Understanding CVE-2020-26278

Weave Net Pods running in the host PID namespace can be exploited to escalate other Kubernetes vulnerabilities.

What is CVE-2020-26278?

Weave Net creates a virtual network connecting Docker containers across hosts
Vulnerability in versions < 2.8.0 allows attackers to take over any host in the cluster

The Impact of CVE-2020-26278

CVSS v3.1 Base Score: 5.8 (Medium Severity)
Attack Complexity: High
Attack Vector: Adjacent Network
Integrity Impact: High
Privileges Required: Low

Technical Details of CVE-2020-26278

Weave Net's vulnerability and affected systems.

Vulnerability Description

Weave Net pods in host PID namespace can be exploited to escalate Kubernetes vulnerabilities
Vulnerability in versions < 2.8.0 allows attackers to gain excessive privileges

Affected Systems and Versions

Product: Weave
Vendor: Weaveworks
Versions Affected: < 2.8.0

Exploitation Mechanism

Attackers can exploit the hostPID setting to access all processes on the host
Allows writing anywhere in the root filesystem, potentially compromising the entire host

Mitigation and Prevention

Steps to secure systems and prevent exploitation.

Immediate Steps to Take

Update to Weave Net version 2.8.0 to remove the hostPID setting
Edit existing DaemonSet manifest to set hostPID line to false
Arrange alternative methods to install CNI plugins and remove unnecessary mounts

Long-Term Security Practices

Regularly update software to the latest versions
Implement secure configurations and best practices for Kubernetes clusters

Patching and Updates

Weave Net 2.8.0 removes the hostPID setting and enhances security
Stay informed about security advisories and apply patches promptly