blog icon indicating copy to clipboard operation
blog copied to clipboard

Published 20 hours ago verified publisher icon champtar

Metadata

  • Kubernetes hostPort allow services traffic interception when using kubeproxy IPVS (CVE-2019-9946)

  • Host MITM attack via IPv6 rogue router advertisements (K8S / Docker / LXD / WSL2 / ...)

  • Bridge firewalling "bypass" using VLAN 0

  • Kubernetes MITM using LoadBalancer or ExternalIPs (CVE-2020-8554)

  • Metadata service MITM allows root privilege escalation (EKS / GKE)

  • runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs (CVE-2021-30465)

  • Layer 2 network security bypass using VLAN 0, LLC/SNAP headers and invalid length

Metadata

16
Stars
2
Forks
Watchers

Owner

verified publisher icon champtar

Metadata

Back