Skip to main content

Externally Controlled Reference to a Resource in Another Sphere

CVE-2020-8561

Severity Medium
Score 4.1/10

Summary

A security issue was discovered in Kubernetes where actors that control the responses of "MutatingWebhookConfiguration" or "ValidatingWebhookConfiguration" requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

  • LOW
  • NETWORK
  • NONE
  • CHANGED
  • NONE
  • HIGH
  • LOW
  • NONE

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

Advisory Timeline

  • Published