Description
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
A flaw was found in Kubernetes. This flaw allows an actor that controls the responses of the MutatingWebhookConfiguration or the ValidatingWebhookConfiguration requests to redirect kube-apiserver requests to the private network of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs, potentially revealing sensitive information in its responses.
Statement
OpenShift Container Platform 4 does not support kube-apiserver logging levels higher than 8 (the highest setting being the 'TraceAll' option), so it is not affected by this vulnerability. See https://docs.openshift.com/container-platform/4.8/rest_api/operator_apis/kubeapiserver-operator-openshift-io-v1.html and https://github.com/openshift/api/blob/release-4.8/operator/v1/types.go#L103
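The exposure described above hinges on one setting: whether kube-apiserver runs at klog verbosity 10 or higher. The following audit helper is an added example, not part of the advisory or of any Kubernetes or OpenShift code; it parses a constructed kube-apiserver argument list and maps the OpenShift operator logLevel names to klog values using the mapping documented in the comments of the linked openshift/api types.go (Normal=2, Debug=4, Trace=6, TraceAll=8), which is an assumption drawn from that file rather than something the advisory states.

```python
import re

# klog verbosity at which the advisory says redirected webhook responses and
# headers appear in kube-apiserver logs.
LEAK_VERBOSITY = 10

# OpenShift KubeAPIServer operator logLevel names -> klog -v value, per the
# comments in openshift/api operator/v1/types.go (assumed mapping, see lead-in).
# TraceAll tops out at 8, which is why OpenShift 4 is reported as not affected.
OPENSHIFT_LOG_LEVELS = {"Normal": 2, "Debug": 4, "Trace": 6, "TraceAll": 8}

_V_FLAG = re.compile(r"^-{1,2}v(?:=(\d+))?$")        # -v=N, --v=N, or bare -v / --v
_VMODULE_PREFIXES = ("--vmodule=", "-vmodule=")       # per-file overrides: pattern=N,...


def apiserver_verbosity(args):
    """Effective klog verbosity implied by a kube-apiserver command line.

    Handles ``--v=N``, ``-v=N`` and the split form ``--v N`` (later flags win),
    and treats any ``--vmodule`` pattern level conservatively as raising the
    effective level, since a matching file would log at that verbosity.
    Defaults to 0 when no verbosity flag is present.
    """
    level = 0
    vmodule_max = 0
    i = 0
    while i < len(args):
        arg = args[i]
        m = _V_FLAG.match(arg)
        if m:
            if m.group(1) is not None:
                level = int(m.group(1))
            elif i + 1 < len(args) and args[i + 1].isdigit():
                level = int(args[i + 1])
                i += 1
        elif arg.startswith(_VMODULE_PREFIXES):
            for spec in arg.split("=", 1)[1].split(","):
                n = spec.rsplit("=", 1)[-1]
                if n.isdigit():
                    vmodule_max = max(vmodule_max, int(n))
        i += 1
    return max(level, vmodule_max)


def openshift_verbosity(log_level):
    """Map an OpenShift operator logLevel name to its klog verbosity."""
    if log_level not in OPENSHIFT_LOG_LEVELS:
        raise ValueError(f"unknown OpenShift logLevel: {log_level!r}")
    return OPENSHIFT_LOG_LEVELS[log_level]


def logs_expose_webhook_redirects(verbosity):
    """True if logs at this verbosity would contain the redirected responses."""
    return verbosity >= LEAK_VERBOSITY


# Constructed sample: the kube-apiserver container command from a Pod spec.
SAMPLE_ARGS = ["kube-apiserver", "--secure-port=6443", "--v=10"]
```

Running `logs_expose_webhook_redirects(apiserver_verbosity(SAMPLE_ARGS))` flags the constructed sample, while every OpenShift logLevel name maps to 8 or below and is not flagged.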
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat OpenShift Container Platform 3.11 | atomic-openshift | Out of support scope | | |
Red Hat OpenShift Container Platform 4 | openshift | Not affected | | |
Additional information
Status:
CVSS3: 4.1 Medium
Related vulnerabilities
A vulnerability in the Kubernetes virtual machine cluster management software, related to errors in the handling of hypertext links, that allows an attacker to gain access to confidential data
CVSS3: 4.1 Medium