mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
1.5 KiB
1.5 KiB
CVE-2020-8562
%20Race%20Condition&color=brighgreen)
Description
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane.
POC
Reference
No PoCs from references.
Github
- https://github.com/43622283/awesome-cloud-native-security
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Metarget/awesome-cloud-native-security
- https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground
- https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground
- https://github.com/atesemre/awesome-cloud-native-security