CVE-2020-8554 PoC — Kubernetes 安全漏洞

Source

https://github.com/alebedev87/gatekeeper-cve-2020-8554

Associated Vulnerability

Title:Kubernetes 安全漏洞 (CVE-2020-8554)
Description:Kubernetes是美国Linux基金会的一套开源的Docker容器集群管理系统。该系统为容器化的应用提供资源调度、部署运行、服务发现和扩容缩容等功能。 Kubernetes 存在安全漏洞，攻击者可利用该漏洞可以通过Kubernetes上的LoadBalancer ExternalIP充当中间人，以便在会话中读取或写入数据。

Readme

# Gatekeeper constraint for CVE-2020-8554

## Install OPA client
Follow [the instructions](https://www.openpolicyagent.org/docs/latest/#1-download-opa).

## Run unit tests
```bash
$ opa test --ignore=*.yaml ./policies
# verbose output
$ opa test -v --explain=full --format=pretty --ignore=*.yaml ./policies
```

File Snapshot


 [4.0K]  /data/pocs/4b431dac579961c48ce05db1683e1552bcfda0aa
├── [4.0K]  policies
│   └── [4.0K]  externalips
│       ├── [ 511]  k8sexternalips.rego
│       ├── [1.2K]  k8sexternalips_test.rego
│       ├── [5.8K]  k8sexternalips_utils_test.rego
│       ├── [ 594]  k8sexternalips.yaml
│       └── [4.0K]  resources
│           └── [ 197]  service-must-not-have-external-ips.yaml
└── [ 311]  README.md

3 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!