CVE-2020-8554

by Fred · 21/01/2021

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

Date published : 2021-01-21

https://github.com/kubernetes/kubernetes/issues/97076

https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8

CVE-2020-8554

Similar

Recent Posts

Categories

CVE-2020-8554

Share this:

Similar

Recent Posts

Categories

Tags