CVE-2020-8562 - log back

CVE-2020-8562 edited at 04 May 2021 18:44:55
- Unknown
+ Low
- Unknown
+ Remote
- Unknown
+ Access restriction bypass
+ A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components. Kubernetes clusters are only affected if an untrusted user can create or modify Node objects and proxy to them, or an untrusted user can create or modify StorageClass objects and access KubeControllerManager logs.
+ Workaround
+ ==========
+ If this issue affects your clusters’ control planes, you can use dnsmasq for name resolution and configure the min-cache-ttl and neg-ttl parameters to a low non-zero value to enforce cached replies for proxied connections.
CVE-2020-8562 created at 04 May 2021 18:43:23