Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Omni Wireguard SideroLink potential escape
Vulnerability Description
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. The WireGuard interface on Omni is configured to ensure that the source IP address of an incoming packet matches the IPv6 address assigned to the Talos peer. However, it performs no validation on the packet's destination address. The Talos end of the SideroLink connection cannot be considered a trusted environment. Workloads running on Kubernetes, especially those configured with host networking, could gain direct access to this link. Therefore, a malicious workload could theoretically send arbitrary packets over the SideroLink interface. This issue has been patched in version 0.48.0.
CVSS Information
N/A
Vulnerability Type
授权机制不正确
Vulnerability Title
omni 安全漏洞
Vulnerability Description
omni是Sidero Labs, Inc.开源的一个Kubernetes的部署工具。 Omni 0.48.0之前版本存在安全漏洞,该漏洞源于未验证数据包目标地址,可能导致恶意负载通过SideroLink接口发送任意数据包。
CVSS Information
N/A
Vulnerability Type
N/A