Source |
CVE List |
Identifier |
4065145 |
Publication date |
2022-02-01 11:15:10 (seen: 2022-02-01 14:07:57) |
Title |
CVE-2020-8562 |
Text |
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane. |
Sent |
Yes |
Stories |
Uber
|