A vulnerability has been found in Kubernetes kube-apiserver in which an authorized user could redirect pod traffic to private networks on a node (NVD severity of this issue: Low).
By exploiting the vulnerability, attackers can hijack your cluster’s network traffic, potentially leading to sensitive data leaks.
Resources targeted by this rule (types of kind): EndpointSlice
Enabled by default? False
Policy as code identifier: ENDPOINTSLICE_CVE2021_25373_INCORRECT_ADDRESSES_VALUE
This rule fails if an EndpointSlice is created or modified with endpoints.addresses in the 127.0.0.0/8 or 169.254.0.0/16 internal ranges.
Use endpoint addresses that are not in the vulnerable ranges (127.0.0.0/8 and 169.254.0.0/16).
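The check this rule describes, sketched in Python as an added example (not the policy engine's own code). The function name `blocked_addresses` and the manifests are constructed for illustration.

```python
import ipaddress

# The two ranges named by the rule.
BLOCKED_RANGES = [ipaddress.ip_network("127.0.0.0/8"),
                  ipaddress.ip_network("169.254.0.0/16")]

def blocked_addresses(manifest):
    """Return (endpoint_index, address, matched_range) for each offending address."""
    if manifest.get("kind") != "EndpointSlice":
        return []  # the rule targets EndpointSlice only
    findings = []
    for i, endpoint in enumerate(manifest.get("endpoints") or []):
        for addr in endpoint.get("addresses") or []:
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:
                continue  # addressType FQDN entries are hostnames, not IP literals
            for net in BLOCKED_RANGES:
                if ip.version == net.version and ip in net:
                    findings.append((i, addr, str(net)))
    return findings

# Constructed sample: one loopback and one link-local address among valid ones.
BAD_SLICE = {
    "apiVersion": "discovery.k8s.io/v1",
    "kind": "EndpointSlice",
    "metadata": {"name": "example-bad"},
    "addressType": "IPv4",
    "endpoints": [
        {"addresses": ["10.1.2.3", "127.0.0.1"]},
        {"addresses": ["169.254.169.254"]},
    ],
}

# Constructed sample: addresses outside both ranges, including range neighbours.
GOOD_SLICE = {
    "apiVersion": "discovery.k8s.io/v1",
    "kind": "EndpointSlice",
    "metadata": {"name": "example-good"},
    "addressType": "IPv4",
    "endpoints": [{"addresses": ["10.1.2.3", "128.0.0.1", "169.253.255.255"]}],
}

if __name__ == "__main__":
    for manifest in (BAD_SLICE, GOOD_SLICE):
        hits = blocked_addresses(manifest)
        print(manifest["metadata"]["name"], "FAIL" if hits else "PASS", hits)
```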