Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubernetes CVE-2022-3294: Node address isn't always verified when proxying #1429

Closed
Tracked by #1400
markapruett opened this issue Nov 10, 2022 · 1 comment
Closed
Tracked by #1400

Kubernetes CVE-2022-3294: Node address isn't always verified when proxying #1429

markapruett opened this issue Nov 10, 2022 · 1 comment
Labels
area/security kubernetes

Comments

@markapruett
Copy link
Member

K8s Security Announcement
https://groups.google.com/g/kubernetes-security-announce/c/VyPOxF7CIbA

CVE-2022-3294: Node address isn't always verified when proxying

A security issue was discovered in Kubernetes where users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them.
@markapruett markapruett changed the title CVE-2022-3294: Node address isn't always verified when proxying Kubernetes CVE-2022-3294: Node address isn't always verified when proxying Nov 10, 2022
This was referenced Nov 10, 2022
Closed
Closed
Closed
Closed
Closed
@markapruett
Copy link
Member Author

Released today in all supported versions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/security kubernetes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@markapruett