Evaluate: check net.ipv4.conf.all.route_localnet
cdxy edited this page
Jan 22, 2021
This vulnerability (CVE-2020-8558) allows attackers inside a k8s pod to connect to service ports bound to localhost on the node.
See more in
...
[Information Gathering - Sysctl Variables]
2021/01/20 16:07:02 net.ipv4.conf.all.route_localnet = 1
2021/01/20 16:07:02 You may be able to access the localhost service of the current container node or other nodes.
2021/01/20 16:07:02 CVE-2020-8558: The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Node setting allows for neighboring hosts to bypass localhost boundary.
...
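For auditing a node against the two conditions in the output above, the following added example (not CDK's own code) lists the interfaces whose `route_localnet` sysctl is 1 and checks a kubelet/kube-proxy version against the affected ranges quoted there. The names `VersionAffected`, `RouteLocalnetIfaces` and `key` are hypothetical, and the version is assumed to be passed as the first argument.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

func key(major, minor, patch int) int { return major*1000000 + minor*1000 + patch }

// Affected kubelet/kube-proxy ranges (inclusive), as quoted in the output above.
var affected = [][2]int{
	{key(1, 1, 0), key(1, 16, 10)},
	{key(1, 17, 0), key(1, 17, 6)},
	{key(1, 18, 0), key(1, 18, 3)},
}

// VersionAffected reports whether a version such as "v1.17.4" is in an affected range.
func VersionAffected(v string) (bool, error) {
	var a, b, c int
	if _, err := fmt.Sscanf(strings.TrimPrefix(v, "v"), "%d.%d.%d", &a, &b, &c); err != nil {
		return false, fmt.Errorf("parse %q: %w", v, err)
	}
	for _, r := range affected {
		if k := key(a, b, c); k >= r[0] && k <= r[1] {
			return true, nil
		}
	}
	return false, nil
}

// RouteLocalnetIfaces lists interfaces with route_localnet = 1 under sysRoot ("/proc/sys").
func RouteLocalnetIfaces(sysRoot string) []string {
	paths, _ := filepath.Glob(filepath.Join(sysRoot, "net/ipv4/conf/*/route_localnet"))
	var on []string
	for _, p := range paths {
		if b, err := os.ReadFile(p); err == nil && strings.TrimSpace(string(b)) == "1" {
			on = append(on, filepath.Base(filepath.Dir(p)))
		}
	}
	return on
}

func main() {
	fmt.Println("route_localnet=1 on:", RouteLocalnetIfaces("/proc/sys"))
	if len(os.Args) > 1 { // optional argument: component version, e.g. v1.18.2
		fmt.Println(VersionAffected(os.Args[1]))
	}
}
```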