VDB
GCVE-110-CLOUD-2020-0024
GCVE-110-CLOUD-2020-0024
Advisory Published
An attacker with access to a hostNetwork=true container with CAP_NET_RAW
capability can listen to all the traffic going through the host and inject arbitrary
traffic, allowing to tamper with most unencrypted traffic (HTTP, DNS, DHCP, ...),
and disrupt encrypted traffic. In GKE the host queries the metadata service at
http://169[.]254.169.254 to get information, including the authorized SSH keys.
By manipulating the metadata service responses and injecting our own SSH key, it
is possible to gain root privilege on the host.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| GCP | GKE, EKS | — | — |
| AWS | GKE, EKS | — | — |
| AWS | EKS | — | — |
| AWS | SES | — | — |
References
Browse GCVE Records
72,337 records in the GCVE database · Updated July 14, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.