CVE-2021-25735_Kubernetes_Admission_Bypass_Vulnerability

# CVE-2021-25735 Kubernetes Admission Bypass Vulnerability
==Affected versions==

kube-apiserver v1.20.0 - v1.20.5
kube-apiserver v1.19.0 - v1.19.9
kube-apiserver <= v1.18.17

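==Exploitation==
Performing a combined operation that changes the changeAllowed label to true and adds a new label triggers the vulnerability; the new values have been overwritten by the admission controller: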

 labels:  
    test: test  
    changeAllowed: "true"
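
An exposure check for defenders, added here as an example (not code from this page or the linked PoC): it tests a kube-apiserver version against the affected ranges listed above and lists validating webhooks whose rules match Node updates, the condition the CVE description gives for being affected. The webhook names and sample JSON are constructed, and the version check assumes upstream version numbers; vendor builds with backported fixes need their own bulletin check.

```python
import re

# Affected upstream kube-apiserver ranges, copied from the list on this page.
AFFECTED_PATCHES = {(1, 20): range(0, 6), (1, 19): range(0, 10)}  # 1.20.0-5, 1.19.0-9
LAST_AFFECTED_OLD = (1, 18, 17)                                   # <= v1.18.17

def parse_version(raw):
    """Turn 'v1.20.4' or '1.19.9+build' into (major, minor, patch)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    return tuple(map(int, m.groups()))

def version_affected(raw):
    """True if the version falls inside one of the affected ranges above."""
    major, minor, patch = parse_version(raw)
    if (major, minor, patch) <= LAST_AFFECTED_OLD:
        return True
    return patch in AFFECTED_PATCHES.get((major, minor), ())

def node_update_webhooks(webhook_list):
    """Names of validating webhooks with a rule matching UPDATE on core/v1 nodes."""
    hits = []
    for cfg in webhook_list.get("items", []):
        for hook in cfg.get("webhooks", []):
            for rule in hook.get("rules", []):
                if ({"UPDATE", "*"} & set(rule.get("operations", []))
                        and {"", "*"} & set(rule.get("apiGroups", []))
                        and {"nodes", "*", "*/*"} & set(rule.get("resources", []))):
                    hits.append(f"{cfg['metadata']['name']}/{hook['name']}")
                    break  # one matching rule is enough to flag this webhook
    return hits

# Constructed sample: shape of `kubectl get validatingwebhookconfigurations -o json`.
SAMPLE = {"items": [
    {"metadata": {"name": "node-label-guard"}, "webhooks": [{
        "name": "nodes.guard.example.test",
        "rules": [{"apiGroups": [""], "apiVersions": ["v1"],
                   "operations": ["UPDATE"], "resources": ["nodes"]}]}]},
    {"metadata": {"name": "pod-policy"}, "webhooks": [{
        "name": "pods.policy.example.test",
        "rules": [{"apiGroups": [""], "apiVersions": ["v1"],
                   "operations": ["CREATE"], "resources": ["pods"]}]}]},
]}

if __name__ == "__main__":
    for v in ("v1.20.5", "v1.20.6", "v1.19.9", "v1.18.17", "v1.21.0"):
        print(v, "affected" if version_affected(v) else "not affected")
    print("webhooks to review:", node_update_webhooks(SAMPLE))
```

A webhook flagged here still needs manual review: it is only exposed if its decision depends on the old state of the Node object.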

==References==
https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass/

https://github.com/darryk10/CVE-2021-25735

https://nvd.nist.gov/vuln/detail/CVE-2021-25735

https://cloud.google.com/kubernetes-engine/docs/security-bulletins
