OSV:GHSA-X6MJ-W4JF-JMGW
Feb 15, 2022 - 1:57 a.m.

Server Side Request Forgery (SSRF) in Kubernetes

2022-02-15 01:57:18
Source: Google (osv.dev)
Tags: kubernetes, vulnerable, ssrf, unauthorized access

EPSS: 0.001 (percentile: 41.3%)

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 is vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).