Описание
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
Отчет
OpenShift Container Platform 4 is not affected by this flaw as it has included the upstream patch since version 4.1.0.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenShift Container Platform 4 | openshift | Not affected | ||
| Red Hat Storage 3 | heketi | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Fixed | RHSA-2020:5363 | 16.12.2020 |
Показывать по
Дополнительная информация
Статус:
2.6 Low
CVSS3
Связанные уязвимости
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.
Improper validation of URL redirection in the Kubernetes API server in ...
2.6 Low
CVSS3