github.com/gardener/gardener is vulnerable to information disclosure. It does not block traffic from shoot to seed via the VPN endpoint, so access control is not correctly enforced in seed clusters. As a result, an attacker can send HTTP GET requests from their own shoot clusters to foreign shoot clusters.
Name | Operator | Version
---|---|---
github.com/gardener/gardener | eq | HEAD
github.com/gardener/gardener | le | 0.22.0