A server-side request forgery (SSRF) flaw was found in Kubernetes. The kube-controller-manager allows authorized users with the ability to create StorageClasses or certain Volume types to leak up to 500 bytes of arbitrary information from the master's host network. This can include secrets from the kube-apiserver through the unauthenticated localhost port (if enabled).
Restrict use of the vulnerable volume type and restrict StorageClass write permissions via RBAC.
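To apply the RBAC part of this mitigation you first need to know who can currently write StorageClasses. The following is an added example, not code from the advisory or from the Kubernetes project: it scans ClusterRoles and ClusterRoleBindings and lists the subjects holding create, update or patch rights on StorageClasses. The role names, subjects and sample objects are constructed for illustration.

```python
# Added example: audit RBAC for StorageClass write access (sample data is constructed).
WRITE_VERBS = {"create", "update", "patch", "*"}

def grants_storageclass_write(rule):
    """True if one RBAC PolicyRule allows creating or modifying StorageClasses."""
    groups = set(rule.get("apiGroups") or [])
    resources = set(rule.get("resources") or [])
    verbs = set(rule.get("verbs") or [])
    return (bool(groups & {"storage.k8s.io", "*"})
            and bool(resources & {"storageclasses", "*"})
            and bool(verbs & WRITE_VERBS))

def storageclass_writers(cluster_roles, cluster_role_bindings):
    """Map each ClusterRole that can write StorageClasses to its bound subjects.

    StorageClass is cluster-scoped, so only ClusterRoleBindings are considered.
    """
    risky = {r["metadata"]["name"] for r in cluster_roles
             if any(grants_storageclass_write(x) for x in r.get("rules") or [])}
    found = {name: [] for name in sorted(risky)}
    for b in cluster_role_bindings:
        ref = b["roleRef"]
        if ref["kind"] == "ClusterRole" and ref["name"] in risky:
            for s in b.get("subjects") or []:
                found[ref["name"]].append(f'{s["kind"]}:{s["name"]}')
    return found

# Constructed sample, shaped like the "items" arrays returned by
# `kubectl get clusterroles -o json` and `kubectl get clusterrolebindings -o json`.
SAMPLE_ROLES = [
    {"metadata": {"name": "example-storage-editor"}, "rules": [
        {"apiGroups": ["storage.k8s.io"], "resources": ["storageclasses"],
         "verbs": ["get", "create"]}]},
    {"metadata": {"name": "example-storage-viewer"}, "rules": [
        {"apiGroups": ["storage.k8s.io"], "resources": ["storageclasses"],
         "verbs": ["get", "list", "watch"]}]},
    {"metadata": {"name": "example-wildcard"}, "rules": [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
]
SAMPLE_BINDINGS = [
    {"roleRef": {"kind": "ClusterRole", "name": "example-storage-editor"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"roleRef": {"kind": "ClusterRole", "name": "example-storage-viewer"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
    {"roleRef": {"kind": "ClusterRole", "name": "example-wildcard"},
     "subjects": [{"kind": "ServiceAccount", "name": "ci-bot"}]},
]

if __name__ == "__main__":
    for role, subjects in storageclass_writers(SAMPLE_ROLES, SAMPLE_BINDINGS).items():
        print(role, "->", ", ".join(subjects) or "(unbound)")
```

Wildcard rules are reported as well as explicit ones, since a role granting `*` on `*` carries the same StorageClass write access.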