PT-2018-15591 · Sap · Gardener

Published: 2018-10-09 · Updated: 2020-08-24 · CVE-2018-2475

CVSS v3.1: 8.5 (High)

Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Gardener versions prior to 0.12.4

Description

The issue arises from missing network isolation in the Gardener architecture, allowing a shoot's apiserver to access services or endpoints in the private network of its corresponding seed cluster. When combined with other minor Kubernetes security issues, this could theoretically lead to the compromise of other shoot or seed clusters within the Gardener context. The impact of potential exploitation is considered high.

Recommendations

For versions prior to 0.12.4, update to Gardener release 0.12.4 to resolve the issue. As a temporary workaround, consider restricting access to the private network of seed clusters to minimize the risk of exploitation.

Fix

Related identifiers

CVE-2018-2475

Affected products

Gardener