CNNVD-202601-4318 Information

CNNVD ID

CNNVD-202601-4318

CVE-2026-24470

  • CNNVD Published: 2026-01-26

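Description (translated from Chinese)

Skipper is an open-source HTTP router and reverse proxy for service composition from Zalando SE. Versions of Skipper before 0.24.0 contain a code issue vulnerability that stems from improper permission configuration and may allow users to create routes that access internal services.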

Description (English)

Skipper is an open-source HTTP router and reverse proxy for service composition, developed by Zalando SE. Skipper versions prior to 0.24.0 have a code issue vulnerability caused by improperly configured privileges, which may let users create routes that reach internal services.

Hazard Level

Medium

Vulnerability Type

Code issue

Affected Vendor

Zalando SE

Published

2026-01-26

Last Modified

2026-02-24

References

  • https://github.com/zalando/skipper/commit/a4c87ce029a58eb8e1c2c1f93049194a39cf6219
  • https://github.com/zalando/skipper/security/advisories/GHSA-mxxc-p822-2hx9
  • https://kubernetes.io/docs/concepts/services-networking/service/#externalname

Patch

https://opensource.zalando.com/skipper/
