Kubernetes: API Server DoS (crash?) if many large resources (~1MB each) are concurrently/repeatedly sent to an external Validating WebHook endpoint

Report Submission Form Summary: I was trying to explore a way to stealthily send lots of data outside a private GKE cluster by way of misusing the Validating Webhook mechanism. The idea would be that a cluster-admin could install a webhook and then initiate resources like a secret or configmap th...

Kubernetes: Man in the middle using LoadBalancer or ExternalIPs services

I rated this vulnerability as high because trying to rate it with CVSS v3.0 Calculator gives me 9.9 which seems way too high as you do require to be able to create services in the K8S cluster. Summary: This report details 2 ways to man in the middle traffic by: a creating a LoadBalancer service a...