Headline
GHSA-35c7-w35f-xwgh: Kube-proxy may unintentionally forward traffic
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (spec.ports[*].port
) as a LoadBalancer Service when the LoadBalancer controller does not set the status.loadBalancer.ingress[].ip
field. Clusters
where the LoadBalancer controller sets the status.loadBalancer.ingress[].ip
field are unaffected.
Kube-proxy may unintentionally forward traffic
Moderate severity GitHub Reviewed Published Oct 30, 2023 to the GitHub Advisory Database • Updated Oct 31, 2023
Related news
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.