CVSS3: 6.3 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

AI Score: 6.7 Medium
Confidence: High

CVSS2: 2.1 Low
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:H/Au:S/C:P/I:N/A:N

EPSS: 0.001 Low
Percentile: 28.1%

github.com/kubernetes/kubernetes is vulnerable to a misconfiguration of LoadBalancer Services. The vulnerability is in proxier.go. kube-proxy on Windows can inadvertently forward traffic to local processes that are listening on the same port as the spec.ports[*].port of a LoadBalancer Service. This happens when the LoadBalancer controller fails to set the status.loadBalancer.ingress[].ip field. Clusters where the LoadBalancer controller correctly sets the status.loadBalancer.ingress[].ip field are not affected by this vulnerability.

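To check whether a cluster meets the condition described above, the following added example (not code from the Kubernetes project) flags LoadBalancer Services that have an ingress entry with no ip and reports whether any Windows nodes exist. It assumes input shaped like the JSON printed by `kubectl get services -A -o json` and `kubectl get nodes -o json`; the sample data, function names and the use of the kubernetes.io/os node label to find Windows nodes are choices made for this example.

```python
import json

# Constructed sample shaped like `kubectl get services -A -o json` output.
SAMPLE_SERVICES = json.loads("""{"items": [
  {"metadata": {"namespace": "web", "name": "ip-lb"},
   "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]},
   "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
  {"metadata": {"namespace": "web", "name": "hostname-lb"},
   "spec": {"type": "LoadBalancer", "ports": [{"port": 80}, {"port": 8080}]},
   "status": {"loadBalancer": {"ingress": [{"hostname": "lb.example.test"}]}}},
  {"metadata": {"namespace": "db", "name": "internal"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 5432}]},
   "status": {"loadBalancer": {}}}
]}""")

# Constructed sample shaped like `kubectl get nodes -o json` output.
SAMPLE_NODES = json.loads("""{"items": [
  {"metadata": {"name": "linux-1", "labels": {"kubernetes.io/os": "linux"}}},
  {"metadata": {"name": "win-1", "labels": {"kubernetes.io/os": "windows"}}}
]}""")


def windows_nodes(nodes):
    """Names of nodes labelled as Windows, where the affected kube-proxy runs."""
    return [n["metadata"]["name"] for n in nodes.get("items", [])
            if n["metadata"].get("labels", {}).get("kubernetes.io/os") == "windows"]


def services_missing_ingress_ip(services):
    """(namespace, name, ports) for LoadBalancer Services with an ingress entry lacking ip."""
    findings = []
    for svc in services.get("items", []):
        spec = svc.get("spec", {})
        if spec.get("type") != "LoadBalancer":
            continue  # only LoadBalancer Services are in scope
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        if any(not entry.get("ip") for entry in ingress):
            ports = [p["port"] for p in spec.get("ports", [])]
            findings.append((svc["metadata"]["namespace"], svc["metadata"]["name"], ports))
    return findings


if __name__ == "__main__":
    if windows_nodes(SAMPLE_NODES):
        for ns, name, ports in services_missing_ingress_ip(SAMPLE_SERVICES):
            print(f"{ns}/{name}: ingress entry without ip, ports {ports}")
```

The ports in each finding are the ones to compare against local listeners on the Windows nodes.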
github.com/kubernetes/kubernetes/commit/04eced5c6716abf6b65da17e84afef1f49edacce
github.com/kubernetes/kubernetes/commit/7bf7b600d99c0d604155643b2fb57af18bdbe47c
github.com/kubernetes/kubernetes/commit/8d7f96f7d4e914d5f12a33de0a6ee47adf1d83c2
github.com/kubernetes/kubernetes/commit/e3c95e50ecd1114f07c24b41912720a77b7fa589
github.com/kubernetes/kubernetes/pull/99958
groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ
security.netapp.com/advisory/ntap-20231221-0003/