Количество 8
Количество 8
GHSA-j9wf-vvm6-4r9w
Unverified Ownership in Kubernetes
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
CVE-2020-8554
CVE-2020-8554
Kubernetes API server in all versions allow an attacker who is able to ...
ELSA-2021-9029
ELSA-2021-9029: olcne security update (IMPORTANT)
ELSA-2021-9028
ELSA-2021-9028: olcne security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-j9wf-vvm6-4r9w Unverified Ownership in Kubernetes | CVSS3: 5 | 30% Средний | больше 3 лет назад |
 | CVE-2020-8554 Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. | CVSS3: 6.3 | 30% Средний | больше 4 лет назад |
 | CVE-2020-8554 Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. | CVSS3: 6.3 | 30% Средний | больше 4 лет назад |
 | CVE-2020-8554 Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. | CVSS3: 6.3 | 30% Средний | больше 4 лет назад |
 | CVSS3: 5 | 30% Средний | больше 1 года назад | |
| CVE-2020-8554 Kubernetes API server in all versions allow an attacker who is able to ... | CVSS3: 6.3 | 30% Средний | больше 4 лет назад |
| ELSA-2021-9029 ELSA-2021-9029: olcne security update (IMPORTANT) | больше 4 лет назад | ||
| ELSA-2021-9028 ELSA-2021-9028: olcne security update (IMPORTANT) | больше 4 лет назад |
Уязвимостей на страницу