DescriptionA flaw was found in Kubernetes, where users may have access to secure endpoints in the control plane network. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in the kube-apiserver made it possible to bypass this validation. Bypassing this validation allows authenticated requests destined for Nodes to redirect to the API Server through its private network.A flaw was found in Kubernetes, where users may have access to secure endpoints in the control plane network. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in the kube-apiserver made it possible to bypass this validation. Bypassing this validation allows authenticated requests destined for Nodes to redirect to the API Server through its private network.
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.
Vulmon