A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
References
Link | Resource |
---|---|
https://github.com/kubernetes/kubernetes/issues/104720 | Mitigation Third Party Advisory |
https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY | Mailing List Mitigation |
https://security.netapp.com/advisory/ntap-20211014-0002/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: kubernetes
Published: 2021-09-15T00:00:00
Updated: 2021-10-14T08:06:21
Reserved: 2020-02-03T00:00:00
Link: CVE-2020-8561
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-20T17:15:08.187
Modified: 2021-11-06T03:04:43.630
Link: CVE-2020-8561
JSON object: View
Redhat Information
No data.