Kubernetes API Server acts as proxy for internal and external IPs


Severity

Unspecified

Vendor

Cloud Foundry Foundation

Description

The Kubernetes API, in versions 1.11.x prior to 1.11.6 and 1.12.x prior to 1.12.4, contains an improper proxy. A remote authenticated user can use the Kubernetes API server as a proxy to send HTTP requests within the server's network.

Affected VMware Products and Versions

Severity is unspecified unless otherwise noted.

  • Pivotal Container Service (PKS)
    • versions 1.2.x prior to 1.2.5

Mitigation

Users of affected versions should apply the following mitigation:

  • Pivotal recommends upgrading the following releases:
    • Pivotal Container Service (PKS)
      • Upgrade 1.2.x versions to 1.2.5 or greater
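
To confirm which clusters still run an affected API server, the following added example (not part of the original advisory or any vendor tooling) classifies the server version reported by `kubectl version -o json` against the Kubernetes ranges in the Description. The sample JSON is constructed, the function names are hypothetical, and treating a pre-release of the fixed patch as affected is a conservative assumption.

```python
import json
import re

# Fixed patch release for each affected minor line, as stated in the advisory.
FIXED_PATCH = {(1, 11): 6, (1, 12): 4}

# Constructed sample shaped like `kubectl version -o json` output.
SAMPLE = """{
  "clientVersion": {"gitVersion": "v1.13.1"},
  "serverVersion": {"major": "1", "minor": "12", "gitVersion": "v1.12.3+vendor.1"}
}"""

# vMAJOR.MINOR.PATCH, optional pre-release tag; build/vendor suffixes are ignored.
_GIT_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-(?:alpha|beta|rc)\b)?")


def parse_git_version(git_version):
    """Return (major, minor, patch, is_prerelease)."""
    m = _GIT_VERSION.match(git_version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {git_version!r}")
    return int(m[1]), int(m[2]), int(m[3]), m[4] is not None


def classify(git_version):
    """Return 'affected', 'fixed', or 'not-listed' (minor line the advisory omits)."""
    major, minor, patch, prerelease = parse_git_version(git_version)
    fixed = FIXED_PATCH.get((major, minor))
    if fixed is None:
        return "not-listed"
    # Assumption: a pre-release of the fixed patch (e.g. 1.12.4-rc.1) lacks the fix.
    if patch < fixed or (patch == fixed and prerelease):
        return "affected"
    return "fixed"


def classify_server(kubectl_json):
    """Classify serverVersion only; the client version does not matter here."""
    server = json.loads(kubectl_json).get("serverVersion")
    if not server or "gitVersion" not in server:
        raise ValueError("no serverVersion in input (API server unreachable?)")
    return classify(server["gitVersion"])


if __name__ == "__main__":
    print(classify_server(SAMPLE))
```

A result of `not-listed` means only that the advisory makes no statement about that minor line; the PKS release number must still be checked separately against the list above.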

History

2019-01-08: Initial vulnerability report published.