Lucene search

Confused Deputy in Kubernetes

🗓️ 21 Sep 2021 18:21:28Reported by GitHub Advisory DatabaseType

Security issue in Kubernetes with MutatingWebhookConfiguration and ValidatingWebhookConfiguration requests allowing redirection of kube-apiserver requests to private networks of the apiserver. User with access to kube-apiserver logs at log level 10 can view redirected responses and headers

Reporter	Title	Published	Views	Family All 18
OSV	Confused Deputy in Kubernetes	21 Sep 202118:28	–	osv
OSV	CGA-C5Q7-57H2-RQ9C	6 Jun 202412:25	–	osv
OSV	CVE-2020-8561	20 Sep 202117:15	–	osv
OSV	CGA-P6XX-PG8G-64F3	6 Jun 202412:28	–	osv
OSV	CGA-CF3Q-MXJ7-W272	6 Jun 202412:25	–	osv
OSV	CGA-3X92-7523-QRFF	6 Jun 202412:22	–	osv
GitLab Advisory Database	Externally Controlled Reference to a Resource in Another Sphere	21 Sep 202100:00	–	gitlab
CVE	CVE-2020-8561	20 Sep 202117:15	–	cve
Veracode	Information Disclosure And Malicious Redirect	21 Sep 202107:22	–	veracode
UbuntuCve	CVE-2020-8561	20 Sep 202100:00	–	ubuntucve

Vulners

Node

k8s.io kubernetesRange≤1.22.2

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-8561
github	www.github.com/kubernetes/kubernetes/issues/104720
groups	www.groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY
security	www.security.netapp.com/advisory/ntap-20211014-0002/
github	www.github.com/advisories/GHSA-74j8-88mm-7496

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Sep 2021 18:28Current

4.9Medium risk

Vulners AI Score4.9

CVSS24

CVSS34.1

EPSS0.00078