Source |
CVE Liste |
Identifiant |
2227275 |
Date de publication |
2021-01-21 17:15:13 (vue: 2021-01-21 20:05:59) |
Titre |
CVE-2020-8554 |
Texte |
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. |
Envoyé |
Oui |
Condensat |
2020 8554 able additionally address all allow api attacker can clusterip considered create cve effect externalips field granted ingress intercept kubernetes loadbalancer not operation patch privileged server service set should similar spec status traffic typically users versions which who |
Tags |
|
Stories |
Uber
|
Notes |
|
Move |
|