CVE-2020-8561 - OpenCVE

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Kubernetes	Kubernetes

Configuration 1 [-]

OR	cpe:2.3:a:kubernetes:kubernetes:1.20.11:-::::::
	cpe:2.3:a:kubernetes:kubernetes:1.21.5:-::::::
	cpe:2.3:a:kubernetes:kubernetes:1.22.2:-::::::

References

Link	Resource
https://github.com/kubernetes/kubernetes/issues/104720	Mitigation Third Party Advisory
https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY	Mailing List Mitigation
https://security.netapp.com/advisory/ntap-20211014-0002/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: kubernetes

Published: 2021-09-15T00:00:00

Updated: 2021-10-14T08:06:21

Reserved: 2020-02-03T00:00:00

Link: CVE-2020-8561

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-20T17:15:08.187

Modified: 2021-11-06T03:04:43.630

Link: CVE-2020-8561

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "Kubernetes", "vendor": "Kubernetes", "versions": [{"lessThanOrEqual": "1.20.11", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "next of 1.20.11", "versionType": "custom"}, {"lessThanOrEqual": "1.21.5", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "next of 1.21.5", "versionType": "custom"}, {"lessThanOrEqual": "1.22.2", "status": "affected", "version": "unspecified", "versionType": "custom"}, {"lessThan": "unspecified", "status": "unknown", "version": "next of 1.22.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "QiQi Xu"}], "datePublic": "2021-09-15T00:00:00", "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-441", "description": "CWE-441 Unintended Proxy or Intermediary", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-14T08:06:21", "orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kubernetes/kubernetes/issues/104720"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20211014-0002/"}], "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/104720"], "discovery": "EXTERNAL"}, "title": "Webhook redirect in kube-apiserver", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@kubernetes.io", "DATE_PUBLIC": "2021-09-15T21:15:00.000Z", "ID": "CVE-2020-8561", "STATE": "PUBLIC", "TITLE": "Webhook redirect in kube-apiserver"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Kubernetes", "version": {"version_data": [{"version_affected": "<=", "version_value": "1.20.11"}, {"version_affected": ">?", "version_value": "1.20.11"}, {"version_affected": "<=", "version_value": "1.21.5"}, {"version_affected": ">?", "version_value": "1.21.5"}, {"version_affected": "<=", "version_value": "1.22.2"}, {"version_affected": ">?", "version_value": "1.22.2"}]}}]}, "vendor_name": "Kubernetes"}]}}, "credit": [{"lang": "eng", "value": "QiQi Xu"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-441 Unintended Proxy or Intermediary"}]}]}, "references": {"reference_data": [{"name": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY", "refsource": "MISC", "url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"}, {"name": "https://github.com/kubernetes/kubernetes/issues/104720", "refsource": "MISC", "url": "https://github.com/kubernetes/kubernetes/issues/104720"}, {"name": "https://security.netapp.com/advisory/ntap-20211014-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211014-0002/"}]}, "source": {"defect": ["https://github.com/kubernetes/kubernetes/issues/104720"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "assignerShortName": "kubernetes", "cveId": "CVE-2020-8561", "datePublished": "2021-09-15T00:00:00", "dateReserved": "2020-02-03T00:00:00", "dateUpdated": "2021-10-14T08:06:21", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.20.11:-:*:*:*:*:*:*", "matchCriteriaId": "1E602175-D34A-44F2-88CD-C0D2C5D240EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.21.5:-:*:*:*:*:*:*", "matchCriteriaId": "0CBB908A-7235-4F5A-AD59-9E11B77A4CA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:1.22.2:-:*:*:*:*:*:*", "matchCriteriaId": "8A1DF02D-B561-445F-8262-3A9F6762CBC3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs."}, {"lang": "es", "value": "Se ha detectado un problema de seguridad en Kubernetes donde los actores que controlan las respuestas de las peticiones MutatingWebhookConfiguration o ValidatingWebhookConfiguration son capaces de redirigir las peticiones de kube-apiserver a redes privadas del apiserver. Si ese usuario puede visualizar los registros de kube-apiserver cuando el nivel de registro se establece en 10, puede visualizar las respuestas redirigidas y los encabezados en los registros"}], "id": "CVE-2020-8561", "lastModified": "2021-11-06T03:04:43.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2021-09-20T17:15:08.187", "references": [{"source": "jordan@liggitt.net", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/issues/104720"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List", "Mitigation"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY"}, {"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211014-0002/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-610"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-441"}], "source": "jordan@liggitt.net", "type": "Secondary"}]}