Javier Provecho

Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to a fixed version (no specific fixed version mentioned) Description: The issue concerns a mitigation attempt by Kubernetes to prevent proxied connections from accessing link-local or localhost networks. However, a user may be able to bypass the proxy IP restriction and access private networks on the control plane if a non-standard DNS server returns different non-cached responses. This can be exploited through various methods, including proxying on addresses outside the cluster, SSRF through fake nodes, and exploiting a TOCTOU vulnerability. The estimated number of potentially affected devices is not specified. Recommendations: As a temporary workaround, consider disabling the `kubectl proxy` function until a patch is available. Restrict access to the Kubernetes API Server to minimize the risk of exploitation. Avoid using the `status` field in Pod manifests to proxy requests to arbitrary addresses. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Harbor versions 2.0 through 2.0.4 Harbor versions 2.1.x through 2.1.1 Description: The catalog's registry API is exposed on an unauthenticated path, allowing bypass of authorization. The vulnerable API endpoint is "GET /v2/ catalog/" which can be accessed without authentication by adding a trailing slash to the path. Recommendations: For Harbor versions 2.0 through 2.0.4, update to version 2.0.5 to fix this issue immediately. For Harbor versions 2.1.x through 2.1.1, update to version 2.1.2 to fix this issue immediately. As a temporary workaround, consider disabling the vulnerable API endpoint or redirecting it to a 404 sink hole in the ingress if updating to a patched version is not possible.