Kubernetes API Server acts as proxy for internal and external IPs
Severity
Unspecified
Vendor
Cloud Foundry Foundation
Description
Kubernetes API, versions 1.11.x prior to 1.11.6 and 1.12.x prior to 1.12.4, contains an improper proxy. A remote authenticated user can send HTTP requests through the Kubernetes API server within the server's network.
Affected VMware Products and Versions
Severity is unspecified unless otherwise noted.
- Pivotal Container Service (PKS)
  - versions 1.2.x prior to 1.2.5
Mitigation
Users of affected versions should apply the following mitigation:
- Pivotal recommends upgrading the following releases:
  - Pivotal Container Service (PKS)
    - Upgrade 1.2.x versions to 1.2.5 or greater
References
- https://www.cloudfoundry.org/blog/k8s-api-server-proxy
- https://github.com/kubernetes/kubernetes/pull/71980
History
2019-01-08: Initial vulnerability report published.