GO-2022-0922 ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour

ExternalName Services can be used to gain access to Envoy's admin interface in github.com/projectcontour/contour...

Cross-Site Request Forgery (CSRF)

github.com/kubernetes/kubernetes is vulnerable to cross-site request forgery. Backend IPs to ExternalName Services are exposed to ExternalName Services as it allows attackers to send network traffic to restricted locations...

GHSA-5PH6-QQ5X-7JWC ExternalName Services can be used to gain access to Envoy's admin interface

Impact Josh Ferrell @josh-ferrell from VMware has reported that a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely a denial of service, o...

ExternalName Services can be used to gain access to Envoy's admin interface

Impact Josh Ferrell @josh-ferrell from VMware has reported that a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy remotely a denial of service, o...

PT-2021-19929 · Contour +1 · Contour +1

Name of the Vulnerable Software and Affected Versions: Contour versions prior to 1.17.1 Contour versions prior to 1.18.0 Description: A specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy containe...