blog
blog copied to clipboard
-
Kubernetes hostPort allow services traffic interception when using kubeproxy IPVS (CVE-2019-9946)
-
Host MITM attack via IPv6 rogue router advertisements (K8S / Docker / LXD / WSL2 / ...)
-
Bridge firewalling "bypass" using VLAN 0
-
Kubernetes MITM using LoadBalancer or ExternalIPs (CVE-2020-8554)
-
Metadata service MITM allows root privilege escalation (EKS / GKE)
-
runc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs (CVE-2021-30465)
-
Layer 2 network security bypass using VLAN 0, LLC/SNAP headers and invalid length