exploitDog
CVE-2020-8561

Published: 15 Sep 2021
Source: redhat
CVSS3: 4.1
EPSS: Low

Description

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

A flaw was found in Kubernetes. This flaw allows an actor that controls the responses of the MutatingWebhookConfiguration or the ValidatingWebhookConfiguration requests to redirect kube-apiserver requests to the private network of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs, potentially revealing sensitive information in its responses.

Report

OpenShift Container Platform 4 does not support logging levels higher than 8 in the kube-apiserver (via the 'TraceAll' option), thereby making it not affected by this vulnerability.

See:
https://docs.openshift.com/container-platform/4.8/rest_api/operator_apis/kubeapiserver-operator-openshift-io-v1.html
https://github.com/openshift/api/blob/release-4.8/operator/v1/types.go#L103

Affected packages

Platform                                     | Package           | State                 | Recommendation | Release
Red Hat OpenShift Container Platform 3.11    | atomic-openshift  | Out of support scope  |                |
Red Hat OpenShift Container Platform 4       | openshift         | Not affected          |                |


Additional information

Status: Moderate
Defect: CWE-601
https://bugzilla.redhat.com/show_bug.cgi?id=2000366 : kubernetes: Webhook redirect in kube-apiserver

EPSS: 0.00244 (Low), percentile 48%

CVSS3: 4.1 (Medium)

Related vulnerabilities

CVSS3: 4.1
ubuntu
about 4 years ago

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

CVSS3: 4.1
nvd
about 4 years ago

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

CVSS3: 4.1
msrc
about 1 month ago

Webhook redirect in kube-apiserver

CVSS3: 4.1
debian
about 4 years ago

A security issue was discovered in Kubernetes where actors that contro ...

CVSS3: 4.1
github
about 4 years ago

Confused Deputy in Kubernetes
