| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Access restriction bypass |
|
| Description |
| + |
A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components. Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create or modify StorageClass objects and access KubeControllerManager logs. |
|
| References |
| + |
https://github.com/kubernetes/kubernetes/issues/101493 |
|
| Notes |
| + |
Workaround |
| + |
========== |
| + |
|
| + |
If this issue affects your clusters’ control planes, you can use dnsmasq for name resolution and configure the min-cache-ttl and neg-ttl parameters to a low non-zero value to enforce cached replies for proxied connections. |
|