Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-35c7-w35f-xwgh: Kube-proxy may unintentionally forward traffic

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (spec.ports[*].port) as a LoadBalancer Service when the LoadBalancer controller does not set the status.loadBalancer.ingress[].ip field. Clusters where the LoadBalancer controller sets the status.loadBalancer.ingress[].ip field are unaffected.

ghsa
#windows#git

Kube-proxy may unintentionally forward traffic

Moderate severity GitHub Reviewed Published Oct 30, 2023 to the GitHub Advisory Database • Updated Oct 31, 2023

Related news

CVE-2021-25736: For LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP by sbangari · Pull Request #99958 · kubernetes/kubernetes

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.