kubernetes: Server side request forgery (SSRF) in kube-controller-manager allows users to leak secret information

A server side request forgery SSRF flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...

PT-2020-20206

Name of the Vulnerable Software and Affected Versions Kubernetes versions prior to 1.15.12 Kubernetes versions prior to 1.16.9 Kubernetes versions prior to 1.17.5 Kubernetes versions 1.0 through 1.14 Kubernetes version 1.18.0 Description The issue allows certain authorized users to leak up to 500...