Coredns

Modification of the CoreDNS or kube-dns ConfigMap in the kube-system namespace can lead to cluster-wide DNS poisoning, enabling man-in-the-middle attacks against internal services and the Kubernetes API server.

CoreDNS' DNS-over-QUIC (DoQ) server can be driven into large goroutine and memory growth by a remote client that opens many QUIC streams and stalls after sending only 1 byte, leading to denial of service in versions before 1.14.3.

CoreDNS versions prior to 1.14.3 are vulnerable to TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports, allowing unauthenticated network attackers to bypass authentication and potentially access TSIG-protected zone data or submit dynamic DNS updates.

CoreDNS is vulnerable to a denial-of-service attack where processing oversized DNS-over-HTTPS GET requests exhausts resources prior to returning an error.

CoreDNS' transfer plugin prior to version 1.14.3 can select the wrong ACL stanza due to lexicographic comparison, leading to unauthorized zone transfers by clients intended to be denied by subzone-specific transfer policies.