Описание
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/focal | not-affected | code not present |
| esm-apps/jammy | not-affected | code not present |
| esm-apps/noble | not-affected | code not present |
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| plucky | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
EPSS
5.8 Medium
CVSS3
Связанные уязвимости
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).
A half-blind Server Side Request Forgery (SSRF) vulnerability exists i ...
kube-controller-manager is vulnerable to half-blind Server Side Request Forgery through in-tree Portworx StorageClass
EPSS
5.8 Medium
CVSS3