Lucene search
GoogleOSV:GHSA-74J8-88MM-7496HistorySep 21, 2021 - 6:28 p.m.
Confused Deputy in Kubernetes
2021-09-2118:28:21
Google
osv.dev
14
0.001 Low
EPSS
Percentile
33.3%
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| k8s.io/kubernetes | le | 1.22.2 |
Related
gitlab
gitlab
Externally Controlled Reference to a Resource in Another Sphere
2021-09-21 00:00:00
cve
cve
CVE-2020-8561
2021-09-20 17:15:08
redhatcve
redhatcve
CVE-2020-8561
2021-09-15 23:48:10
prion
prion
Design/Logic Flaw
2021-09-20 17:15:00
cbl_mariner
cbl_mariner
CVE-2020-8561 affecting package kubernetes 1.22.4-3
2022-03-01 01:46:55
nvd
nvd
CVE-2020-8561
2021-09-20 17:15:08
github
github
Confused Deputy in Kubernetes
2021-09-21 18:28:21
ubuntucve
ubuntucve
CVE-2020-8561
2021-09-20 00:00:00
veracode
veracode
Information Disclosure And Malicious Redirect
2021-09-21 07:22:27
osv
osv
CVE-2020-8561
2021-09-20 17:15:08
debiancve
debiancve
CVE-2020-8561
2021-09-20 17:15:08
cvelist
cvelist
CVE-2020-8561 Webhook redirect in kube-apiserver
2021-09-15 00:00:00
hackerone
hackerone
Kubernetes: SSRF for kube-apiserver cloudprovider scene
2020-07-24 12:41:44