23 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-8554
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to th...
SUSE CVE-2011-2534
Buffer overflow in the clusteripprocwrite function in net/ipv4/netfilter/iptCLUSTERIP.c in the Linux kernel before 2.6.39 might allow local users to cause a denial of service or have unspecified other impact via a crafted write operation, related to string data that lacks a terminating '\0'...
Unverified Ownership in Kubernetes
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
GHSA-J9WF-VVM6-4R9W Unverified Ownership in Kubernetes
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
Incorrect Authorization
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
AZL-34893 CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-2
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
DEBIAN-CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
AZL-31731 CVE-2020-8554 affecting package kubernetes for versions less than 1.28.3-1
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
AZL-31696 CVE-2020-8554 affecting package python-kubernetes for versions less than 21.7.0-1
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
Code injection
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
UBUNTU-CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
CVE-2020-8554 affects the Kubernetes API server by allowing an attacker who can create a ClusterIP service with a crafted spec.externalIPs to intercept traffic to that IP, and by abusing privileged status.patch on a LoadBalancer service to set status.loadBalancer.ingress.ip. The issue is rooted i...
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554 Kubernetes man in the middle using LoadBalancer or ExternalIPs
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
Incorrect Authorization
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status which is considered a privileged operation and should not...
PT-2020-20205
Name of the Vulnerable Software and Affected Versions Kubernetes API server versions prior to a fixed version the fixed version is not specified Description The issue allows an attacker who can create a ClusterIP service and set the spec.externalIPs field to intercept traffic to that IP address...