A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: kubernetes

Published: 2021-09-20T17:05:16.328714Z

Updated: 2024-09-16T22:29:49.855Z

Reserved: 2020-02-03T00:00:00

Link: CVE-2020-8561

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-09-20T17:15:08.187

Modified: 2024-11-21T05:39:02.050

Link: CVE-2020-8561

cve-icon Redhat

Severity : Moderate

Publid Date: 2021-09-15T00:00:00Z

Links: CVE-2020-8561 - Bugzilla