cbcvebase.
CVE-2020-8561
published 2021-09-20

CVE-2020-8561: A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration…

PriorityP420medium4.1CVSS 3.1
AVNACLPRHUINSCCLINAN
EPSS
1.95%
77.8th percentile
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

Affected

11 ranges
VendorProductVersion rangeFixed in
debiankubernetes< kubernetes 1.20.5+really1.20.2-1 (bookworm)kubernetes 1.20.5+really1.20.2-1 (bookworm)
k8s.iokubernetes0 – 1.22.2
kuberneteskubernetes< **
kuberneteskubernetes
kuberneteskubernetes
kuberneteskubernetes
kuberneteskubernetes>= 0 < 1.20.5+really1.20.2-11.20.5+really1.20.2-1
kuberneteskubernetes>= 0 < 1.20.5+really1.20.2-11.20.5+really1.20.2-1
kuberneteskubernetes>= 0 < 1.20.5+really1.20.2-11.20.5+really1.20.2-1
kuberneteskubernetes>= 0 < 1.20.5+really1.20.2-11.20.5+really1.20.2-1
msrccm1_kubernetes_1.22.6-1_on_cbl_mariner_1.0

CVSS provenance

nvdv3.14.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:P/I:N/A:N
osv4.1MEDIUM
vendor_debian4.1MEDIUM
vendor_msrc4.1MEDIUM
vendor_redhat4.1MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.