20 matches found
CVE-2026-42965
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
CVE-2026-42965
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
EUVD-2026-33275
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
CVE-2026-42965 Openshift/router: openshift/router: cloud metadata ssrf via fqdn-typed endpointslice bypasses destination validation
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
CVE-2026-42965
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
PT-2026-44798
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
EUVD-2021-2095
Malware in sbrugna...
Security Bulletin: Security Vulnerabilities affect IBM Cloud Private - Kubernetes (CVE-2021-25737)
Summary Security Vulnerabilities affect IBM Cloud Private - Kubernetes Vulnerability Details CVEID: CVE-2021-25737 DESCRIPTION: Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a host network hijacking flaw due to holes in EndpointSlice validation...
Authorization Bypass
github.com/istio/istio is vulnerable to authorization bypass. The vulnerability exists in the forgetEndpoint function in endpointslice.go file allowing an attacker to bypass and gain access to the protected resource...
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes API server security vulnerability (CVE-2021-25737)
Summary Red Hat OpenShift on IBM Cloud is affected by a security vulnerability in the Kubernetes API server that could allow a user to redirect pod traffic to private networks on a node CVE-2021-25737. Vulnerability Details CVEID: CVE-2021-25737 Description: Kubernetes could allow a remote...
OESA-2021-1373 kubernetes security update
Container cluster management. Security Fixes: A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not...
GHSA-MFV7-GQ43-W965 Incomplete List of Disallowed Inputs in Kubernetes
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
DEBIAN-CVE-2021-25737
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
CVE-2021-25737
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
CVE-2021-25737
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
Design/Logic Flaw
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
CVE-2021-25737
CVE-2021-25737 describes a Kubernetes EndpointSlice validation flaw enabling host-network hijacking. A remote authenticated attacker could redirect pod traffic to private networks on a Node and potentially access sensitive information. Root cause: holes in EndpointSlice validation that allowed un...
CVE-2021-25737 Holes in EndpointSlice Validation Enable Host Network Hijack
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
PT-2021-6816 · Unknown +2 · Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Kubernetes affected versions not specified Description: A security issue in Kubernetes allows a remote attacker to redirect pod traffic to private networks on a Node, potentially accessing confidential data and compromising its integrity. The...
Kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack
Summary: A user with permission to create Services and EndpointSlices can configure these resources to allow sending traffic to arbitrary ports in the host network. Kubernetes Version: Any version with EndpointSliceProxying enabled, default in 1.19+ Component Version: 1.19+ Steps To Reproduce:...