Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 813645 (CVE-2020-8561)

Summary: sys-cluster/kube-apiserver: webhook redirect vulnerability
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: minor CC: williamh
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/kubernetes/kubernetes/issues/104720
Whiteboard: B4 [upstream]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-09-18 13:37:57 UTC 
From URL:

"A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs."

No upstream fix.