CVE-2019-12494
Published
CVSS v3
N/A
CVSS v2
5
MEDIUM
Affected
2
PROJECTS
Description
In Gardener before 0.20.0, incorrect access control in seed clusters allows information disclosure by sending HTTP GET requests from one's own shoot clusters to foreign shoot clusters. This occurs because traffic from shoot to seed via the VPN endpoint is not blocked.
Network connector between the control plane (deployed in a Seed cluster) and a Shoot cluster.
GitHubHomogeneous Kubernetes clusters at scale on any infrastructure using hosted control planes.
GitHub