漏洞描述
Kubernetes(简称K8SQ)是Google在2014年开源的一个容器集群管理系统。它用于容器化应用程序的部署、扩展和管理,目标是让部署容器化应用简单且高效。漏洞存在于Kubernetes的1.18.6版本之前,可能导致未经授权的用户访问攻击。漏洞的细节在于Kubelet组件中存在一个调试端点(/debug/pprof)的暴露,该端点可以通过未经授权的Kubelethealthzi端口访问。
Google Kubernetes /debug/pprof/goroutine 信息泄露漏洞(CVE-2019-11248)
PoC代码
暂无相关漏洞推荐
- WordPress Google for WooCommerce /wp-content/plugins/google-listings-and-ads/vendor/googleads/google-ads-php/scripts/print_php_information.php 信息泄露漏洞(CVE-2024-10486)
- POC CVE-2015-2755: WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting
- POC CVE-2017-18556: Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting
- POC CVE-2017-18557: Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting
- POC CVE-2018-18264: Kubernetes Dashboard <1.10.1 - Authentication Bypass
- POC CVE-2018-3810: Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass
- POC CVE-2019-10692: WordPress Google Maps <7.11.18 - SQL Injection
- POC CVE-2019-11248: Debug Endpoint pprof - Exposure Detection
- POC CVE-2019-9912: WP Google Maps < 7.10.43 - Cross-Site Scripting
- POC CVE-2022-0346: WordPress XML Sitemap Generator for Google <2.0.4 - Cross-Site Scripting/Remote Code Execution
- POC CVE-2023-32117: Integrate Google Drive <= 1.1.99 - Missing Authorization via REST API Endpoints
- POC CVE-2023-6697: WP Go Maps (formerly WP Google Maps) < 9.0.29 - Cross-Site Scripting
- POC CVE-2024-0250: Analytics Insights for Google Analytics 4 < 6.3 - Open Redirect