You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Vulnerable Package issue exists @ Go-k8s.io/api-v0.23.5 in branch main
Kubernetes API server in all versions prior to 1.21.0-alpha.3 allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
Vulnerable Package issue exists @ Go-k8s.io/api-v0.23.5 in branch main
Kubernetes API server in all versions prior to 1.21.0-alpha.3 allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
Namespace: diogopcx
Repository: CheckmarxDemo
Repository Url: https://github.com/diogopcx/CheckmarxDemo
CxAST-Project: diogopcx/CheckmarxDemo
CxAST platform scan: 358cac2e-8dd5-43e9-8390-980528e9e4ce
Branch: main
Application: CheckmarxDemo
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
CWE: CWE-863
Additional Info
Attack vector: NETWORK
Attack complexity: HIGH
Confidentiality impact: LOW
Availability impact: LOW
References
Advisory
Issue
Issue
Mail Thread
Pull request
Commit
The text was updated successfully, but these errors were encountered: