
Kubernetes API Server acts as proxy for internal and external IPs


Severity

Unspecified

Description

Kubernetes API, versions 1.11.x prior to 1.11.6 and 1.12.x prior to 1.12.4, contains an improper proxy. A remote authenticated user can send HTTP requests through the Kubernetes API server within the server's network.

Affected Pivotal Products and Versions

Severity is unspecified unless otherwise noted.

  • Pivotal Container Service (PKS)
    • versions 1.2.x prior to 1.2.5

Mitigation

Users of affected versions should apply the following mitigation:

  • Pivotal recommends upgrading the following releases:
    • Pivotal Container Service (PKS)
      • Upgrade 1.2.x versions to 1.2.5 or greater

References

History

2019-01-08: Initial vulnerability report published.
