Lucene search
PRIOn knowledge basePRION:CVE-2020-8561HistorySep 20, 2021 - 5:15 p.m.
Design/Logic Flaw
2021-09-2017:15:00
PRIOn knowledge base
www.prio-n.com
3
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
| CPE | Name | Operator | Version |
|---|---|---|---|
| kubernetes | eq | 1.20.11 | |
| kubernetes | eq | 1.21.5 | |
| kubernetes | eq | 1.22.2 |
Related
gitlab
gitlab
Externally Controlled Reference to a Resource in Another Sphere
2021-09-21 00:00:00
osv
osv
Confused Deputy in Kubernetes
2021-09-21 18:28:21
CVE-2020-8561
2021-09-20 17:15:08
cve
cve
CVE-2020-8561
2021-09-20 17:15:08
redhatcve
redhatcve
CVE-2020-8561
2021-09-15 23:48:10
cbl_mariner
cbl_mariner
CVE-2020-8561 affecting package kubernetes 1.22.4-3
2022-03-01 01:46:55
nvd
nvd
CVE-2020-8561
2021-09-20 17:15:08
github
github
Confused Deputy in Kubernetes
2021-09-21 18:28:21
debiancve
debiancve
CVE-2020-8561
2021-09-20 17:15:08
cvelist
cvelist
CVE-2020-8561 Webhook redirect in kube-apiserver
2021-09-15 00:00:00
ubuntucve
ubuntucve
CVE-2020-8561
2021-09-20 00:00:00
veracode
veracode
Information Disclosure And Malicious Redirect
2021-09-21 07:22:27
hackerone
hackerone
Kubernetes: SSRF for kube-apiserver cloudprovider scene
2020-07-24 12:41:44