3 matches found
CVE-2021-25737 Holes in EndpointSlice Validation Enable Host Network Hijack
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs...
kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack
A security issue was discovered in Kubernetes where an authorized user may be able to redirect traffic to private networks on a Node. An untrusted user could exploit this by creating or modifying EndpointSlices to point to localhost or link-local addresses...
Kubernetes: Holes in EndpointSlice Validation Enable Host Network Hijack
Summary: A user with permission to create Services and EndpointSlices can configure these resources to allow sending traffic to arbitrary ports in the host network. Kubernetes Version: Any version with EndpointSliceProxying enabled, default in 1.19+ Component Version: 1.19+ Steps To Reproduce:...