Kubernetes API Server acts as proxy for internal and external IPs

Severity

Unspecified

Description

Kubernetes API, versions 1.11.x prior to 1.11.6, 1.12.x prior to 1.12.4, contains an improper proxy. A remote authenticated user is able to send HTTP requests through the Kubernetes API server within the server's network.

Affected VMware Products and Versions

Severity is unspecified unless otherwise noted.

Pivotal Container Service (PKS)
- versions 1.2.x prior to 1.2.5

Mitigation

Users of affected versions should apply the following mitigation:

Pivotal recommends upgrading the following releases:
- Pivotal Container Service (PKS)
  - Upgrade 1.2.x versions to 1.2.5 or greater

References

https://www.cloudfoundry.org/blog/k8s-api-server-proxy
https://github.com/kubernetes/kubernetes/pull/71980

History

2019-01-08: Initial vulnerability report published.

Tanzu のメリット

製品

コンサルティング

詳細情報