|
|
|
|
|
|
by klooney
147 days ago
|
|
|
> nodes/proxy GET allows command execution when using a connection protocol such as WebSockets. This is due to the Kubelet making authorization decisions based on the initial WebSocket handshake’s request without verifying CREATE permissions are present for the Kubelet’s /exec endpoint requiring different permissions depending solely on the connection protocol. That's rough |
|
|