threat model was also a force-multiplier for the fuzzing work that led to the discovery of a few missed edge cases when fixing the two CVEʼs. The audit started with a meeting between Ada Logics, the Vitess No Actor with local network or local file access An actor that has breached some security boundaries of the environment to get to the position of having access to the local network or file system. Yes attacker who has compromised the machine running VTAdmin may escalate privileges by listening on the network. For example, VTAdmin-api connects to Vtctld over GRPC. At this stage the request is already authenticated

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 Network Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362 Ports and Network interactions in Vitess 362 Reparenting . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data center, availability zone or group of computing resources A cell is a group of servers and network infrastructure collocated in an area, and isolated from failures in other cells. It is typically

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 Network Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340 Ports and Network interactions in Vitess 340 Reparenting . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data center, availability zone or group of computing resources A cell is a group of servers and network infrastructure collocated in an area, and isolated from failures in other cells. It is typically

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 Network Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404 Ports and Network interactions in Vitess . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data center, availability zone or group of computing resources A cell is a group of servers and network infrastructure collocated in an area, and isolated from failures in other cells. It is typically

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 Network Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data center, availability zone or group of computing resources A cell is a group of servers and network infrastructure collocated in an area, and isolated from failures in other cells. It is typically availability zone. Vitess gracefully handles cell-level failures, such as when a cell is cut off the network. Each cell in a Vitess implementation has a local topology service, which is hosted in that cell

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44 Network Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data center, availability zone or group of computing resources A cell is a group of servers and network infrastructure collocated in an area, and isolated from failures in other cells. It is typically availability zone. Vitess gracefully handles cell-level failures, such as when a cell is cut off the network. Each cell in a Vitess implementation has a local topology service, which is hosted in that cell

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 Network Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data center, availability zone or group of computing resources A cell is a group of servers and network infrastructure collocated in an area, and isolated from failures in other cells. It is typically availability zone. Vitess gracefully handles cell-level failures, such as when a cell is cut off the network. Each cell in a Vitess implementation has a local topology service, which is hosted in that cell

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105 Network Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data center, availability zone or group of computing resources A cell is a group of servers and network infrastructure collocated in an area, and isolated from failures in other cells. It is typically availability zone. Vitess gracefully handles cell-level failures, such as when a cell is cut off the network. Each cell in a Vitess implementation has a local topology service, which is hosted in that cell

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 5 Network Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Data center, availability zone or group of computing resources A cell is a group of servers and network infrastructure collocated in an area, and isolated from failures in other cells. It is typically availability zone. Vitess gracefully handles cell-level failures, such as when a cell is cut off the network. Each cell in a Vitess implementation has a local topology service, which is hosted in that cell

investigated for common problems like AllowPrivilegeEscalation, the application of name-space rules in the network policies, the running of pods in privileged mode, and the characteristics of the DefaultServiceAccounts fragment does have an effect, it was found to be impossible to break out of the base directory. • The network communication between the different Kubernetes application pods was analyzed in order to find potential