Summary
If an application in the mesh is susceptible to SSRF, an attacker could use it to trigger a denial-of-service (DoS) attack by sending a POST request to the Linkerd proxy's admin endpoint at localhost:4191/shutdown.
Details
Linkerd could introduce an optional environment variable that sets a token which must be passed in a request header; the proxy should reject shutdown requests that do not carry that header.
server.rs
PoC
kubectl port-forward -n <namespace> <pod> 4191:4191
curl -X POST http://localhost:4191/shutdown
Ideally, Linkerd should reject requests if the header is missing.
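As an added illustration of the proposed mitigation (example code, not Linkerd's server.rs), the following gate reads a token from an environment variable and only allows POST /shutdown when the request carries a matching header; the variable name, header name and the fail-closed choice when the variable is unset are assumptions of this example.

```rust
// Added example (not Linkerd's code): gate the admin /shutdown route behind a
// token read from an environment variable and required in a request header.
// LINKERD2_PROXY_SHUTDOWN_TOKEN and "l5d-shutdown-token" are hypothetical names.
use std::collections::HashMap;
use std::env;

pub const TOKEN_ENV: &str = "LINKERD2_PROXY_SHUTDOWN_TOKEN"; // hypothetical
pub const TOKEN_HEADER: &str = "l5d-shutdown-token"; // hypothetical

#[derive(Debug, PartialEq)]
pub enum Decision {
    Allow,
    /// Token configured, but the header is missing or wrong (map to 401).
    Unauthorized,
    /// No token configured: this example fails closed and disables the route.
    Disabled,
}

/// Constant-time comparison so a wrong token cannot be narrowed down from
/// response timing; length mismatch is rejected up front.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Decide whether a POST /shutdown may proceed. `configured` is the value of
/// TOKEN_ENV (None when unset); `headers` are request headers with lowercase names.
pub fn authorize_shutdown(configured: Option<&str>, headers: &HashMap<String, String>) -> Decision {
    let expected = match configured {
        Some(t) if !t.is_empty() => t,
        _ => return Decision::Disabled,
    };
    match headers.get(TOKEN_HEADER) {
        Some(got) if ct_eq(got.as_bytes(), expected.as_bytes()) => Decision::Allow,
        _ => Decision::Unauthorized,
    }
}

/// Wrapper that takes the token from the process environment.
pub fn authorize_from_env(headers: &HashMap<String, String>) -> Decision {
    let tok = env::var(TOKEN_ENV).ok();
    authorize_shutdown(tok.as_deref(), headers)
}

fn main() {
    // Constructed request: the bare curl from the PoC, carrying no token header.
    let bare = HashMap::new();
    println!("{:?}", authorize_shutdown(Some("s3cret"), &bare));
}
```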
Impact
A denial-of-service (DoS) attack: an unauthenticated POST to the proxy's /shutdown admin endpoint on port 4191 shuts the proxy down, affecting any workload whose proxy is reachable from an SSRF-vulnerable application.