Vulnerability Details CVE-2020-8561
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.9%
CVSS Severity
CVSS v3 Score 4.1
CVSS v2 Score 4.0
References
- https://github.com/kubernetes/kubernetes/issues/104720
- https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY
- https://security.netapp.com/advisory/ntap-20211014-0002/
- https://github.com/kubernetes/kubernetes/issues/104720
- https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY
- https://security.netapp.com/advisory/ntap-20211014-0002/
Products affected by CVE-2020-8561
-
cpe:2.3:a:kubernetes:kubernetes:1.20.11
-
cpe:2.3:a:kubernetes:kubernetes:1.21.5
-
cpe:2.3:a:kubernetes:kubernetes:1.22.2