CVE-2020-8561
4.1MEDIUMA security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver req
게시됨: 9/20/2021업데이트됨: 11/21/2024
설명
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
AI 분석AI 기반
영향받는 제품
kuberneteskubernetes
1.20.11
kuberneteskubernetes
1.21.5
kuberneteskubernetes
1.22.2
참조
- https://github.com/kubernetes/kubernetes/issues/104720MitigationThird Party Advisory
- https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsYMailing ListMitigation
- https://security.netapp.com/advisory/ntap-20211014-0002/Third Party Advisory
- https://github.com/kubernetes/kubernetes/issues/104720MitigationThird Party Advisory
- https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsYMailing ListMitigation
- https://security.netapp.com/advisory/ntap-20211014-0002/Third Party Advisory