github.com/kubernetes/kubernetes is vulnerable to information disclosure and malicious redirection. If --profiling is enabled on the kube-apiserver, an attacker with control over a validating or mutating webhook is able to access the kube-apiserver process logs and to redirect kube-apiserver requests to private networks of the apiserver.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/kubernetes/kubernetes | le | v1.21.0-alpha.2 |
github.com/kubernetes/kubernetes | le | v1.25.0-alpha.1 |