Bug 813645 (CVE-2020-8561) - sys-cluster/kube-apiserver: webhook redirect vulnerability
Summary: sys-cluster/kube-apiserver: webhook redirect vulnerability
Status: CONFIRMED
Alias: CVE-2020-8561
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://github.com/kubernetes/kuberne...
Whiteboard: B4 [upstream]
Reported: 2021-09-18 13:37 UTC by John Helmert III
Modified: 2021-09-18 13:38 UTC
Description John Helmert III gentoo-dev Security 2021-09-18 13:37:57 UTC
From URL:

"A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs."

No upstream fix.