mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-23 02:29:40 +02:00
0xMarcio
3.0 KiB
3.0 KiB
CVE-2020-8554
Description
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.
POC
Reference
- https://github.com/kubernetes/kubernetes/issues/97076
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujan2022.html
Github
- https://github.com/43622283/awesome-cloud-native-security
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Container-Security-Training/KubeCon-EU-25
- https://github.com/DoD-Platform-One/Kyverno-Policies
- https://github.com/DogchampDiego/foran-attack
- https://github.com/Dviejopomata/CVE-2020-8554
- https://github.com/Live-Hack-CVE/CVE-2020-8554
- https://github.com/Metarget/awesome-cloud-native-security
- https://github.com/Metarget/metarget
- https://github.com/NetAI-Intern/cilium-helm-chart
- https://github.com/PhilipSchmid/k8s-home-lab
- https://github.com/SexyBeast233/SecBooks
- https://github.com/SnekCode/Kyverno-Policies
- https://github.com/adavarski/HomeLab-Proxmox-k8s-DevSecOps-playground
- https://github.com/adavarski/HomeLab-k8s-DevSecOps-playground
- https://github.com/alebedev87/gatekeeper-cve-2020-8554
- https://github.com/alphaSeclab/sec-daily-2020
- https://github.com/atesemre/awesome-cloud-native-security
- https://github.com/blomquistr/admission-controller-base
- https://github.com/cdk-team/CDK
- https://github.com/champtar/blog
- https://github.com/cloudnative-security/hacking-kubernetes
- https://github.com/cruise-automation/k-rail
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/g3rzi/HackingKubernetes
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/jrmurray000/CVE-2020-8554
- https://github.com/k1LoW/oshka
- https://github.com/kajogo777/kubernetes-misconfigured
- https://github.com/kubemod/kubemod
- https://github.com/kubernetes-sigs/externalip-webhook
- https://github.com/neargle/re0-kubernetes-sec-archive
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/rancher/externalip-webhook
- https://github.com/reni2study/Cloud-Native-Security2
- https://github.com/soosmile/POC
- https://github.com/tarihub/offlinepost
- https://github.com/tarimoe/offlinepost
- https://github.com/tmawalt12528a/eggshell1
- https://github.com/tonybreak/CDK_bak
- https://github.com/twistlock/k8s-cve-2020-8554-mitigations