Описание
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| kubernetes | fixed | 1.20.5+really1.20.2-1 | package |
Примечания
Server components no longer built since 1.20.5+really1.20.2-1, marking that as fixed version
The source package itself it still vulnerable, but custom rebuilds are not really a usecase here
https://www.openwall.com/lists/oss-security/2021/07/14/1
Связанные уязвимости
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
Уязвимость корпоративной платформы Red Hat OpenShift Container Platform, связанная с ошибками проведения процедуры авторизации, позволяющая нарушителю получить доступ к защищаемой информации