6 matches found
Server Side Request Forgery (SSRF) in Kubernetes
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...
Server Side Request Forgery (SSRF)
github.com/kubernetes/kubernetes is vulnerable to Server Side Request Forgery SSRF. An attacker with a privilege to create a pod with certain built-in Volume types GlusterFS, Quobyte, StorageFS, ScaleIO or to create a StorageClass can cause an authenticated user to leak the resources from the...
CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...
Server-Side Request Forgery (SSRF)
The Kubernetes kube-controller-manager is vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to bytes of arbitrary information from unprotected endpoints within the master's host network such as link-local or loopback services...
CVE-2020-8555
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery SSRF that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints...
CVE-2020-8555
A server side request forgery SSRF flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the...