Описание
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
A server side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the kube-apiserver through the unauthenticated localhost port (if enabled).
Отчет
OpenShift Container Platform does not expose kube-apiserver through an unauthenticated localhost port. However, other link-local addresses are reachable without authentication that allow an attacker to access sensitive data. The version of heketi shipped with Red Hat Gluster Storage 3 includes the affected client side code for heketi and quobyte volume plugin, however the vulnerable functionality is currently not used by the product and hence this issue has been rated as having a security impact of Low. Red Hat Openshift Container Storage 4.2 is not affected by this vulnerability as rook-ceph-operator container does not include support for affected volume plugins(storageos, scaleio, glusterfs, quobyte).
Меры по смягчению последствий
Restrict use of the vulnerable volume type and restrict StorageClass write permissions via RBAC
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Openshift Container Storage 4 | ocs4/rook-ceph-rhel8-operator | Not affected | ||
| Red Hat Storage 3 | heketi | Affected | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Fixed | RHSA-2020:2479 | 18.06.2020 |
| Red Hat OpenShift Container Platform 4.2 | openshift | Fixed | RHSA-2020:2594 | 01.07.2020 |
| Red Hat OpenShift Container Platform 4.3 | openshift | Fixed | RHSA-2020:2440 | 17.06.2020 |
| Red Hat OpenShift Container Platform 4.3 | openshift4/ose-hyperkube | Fixed | RHSA-2020:2441 | 17.06.2020 |
| Red Hat OpenShift Container Platform 4.4 | openshift | Fixed | RHSA-2020:2448 | 17.06.2020 |
| Red Hat OpenShift Container Platform 4.4 | openshift4/ose-hyperkube | Fixed | RHSA-2020:2449 | 17.06.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
6.3 Medium
CVSS3
Связанные уязвимости
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).
The Kubernetes kube-controller-manager in versions v1.0-1.14, versions ...
Server Side Request Forgery (SSRF) in Kubernetes
ELSA-2020-5727: kubernetes-cni-plugins kubernetes-cni kubernetes olcne security update (IMPORTANT)
EPSS
6.3 Medium
CVSS3