Permission check due: Kubernetes fixes information leak in kube-controller-manager A medium severity Server Side Request Forgery vulnerability has been found in Kubernetes’ kube-controller-manager – fixes are now available, so get updating. The security issue, which has been assigned the CVE ID CVE-2020-8555, allows users with a permission to either create a pod with GlusterFS, Quobyte, StorageFS, or ScaleIO, or a StorageClass “to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master’s host network”. The vulnerability affects all versions of kube-controller-manager older than 1.15.11,

Read more