CVE-2020-8561
Webhook redirect in kube-apiserver
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
Se ha detectado un problema de seguridad en Kubernetes donde los actores que controlan las respuestas de las peticiones MutatingWebhookConfiguration o ValidatingWebhookConfiguration son capaces de redirigir las peticiones de kube-apiserver a redes privadas del apiserver. Si ese usuario puede visualizar los registros de kube-apiserver cuando el nivel de registro se establece en 10, puede visualizar las respuestas redirigidas y los encabezados en los registros
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-02-03 CVE Reserved
- 2021-09-20 CVE Published
- 2023-08-07 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-441: Unintended Proxy or Intermediary ('Confused Deputy')
- CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://github.com/kubernetes/kubernetes/issues/104720 | Mitigation | |
| https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY | Mailing List | |
| https://security.netapp.com/advisory/ntap-20211014-0002 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | 1.20.11 Search vendor "Kubernetes" for product "Kubernetes" and version "1.20.11" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | 1.21.5 Search vendor "Kubernetes" for product "Kubernetes" and version "1.21.5" | - |
Affected
| ||||||
| Kubernetes Search vendor "Kubernetes" | Kubernetes Search vendor "Kubernetes" for product "Kubernetes" | 1.22.2 Search vendor "Kubernetes" for product "Kubernetes" and version "1.22.2" | - |
Affected
| ||||||