A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
{
"cpe": [
"cpe:2.3:a:kubernetes:kubernetes:1.20.11:-:*:*:*:*:*:*",
"cpe:2.3:a:kubernetes:kubernetes:1.21.5:-:*:*:*:*:*:*",
"cpe:2.3:a:kubernetes:kubernetes:1.22.2:-:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "1.20.11-NA"
},
{
"last_affected": "1.20.11-NA"
},
{
"introduced": "1.21.5-NA"
},
{
"last_affected": "1.21.5-NA"
},
{
"introduced": "1.22.2-NA"
},
{
"last_affected": "1.22.2-NA"
}
],
"source": "CPE_STRING"
}{
"cpe": [
"cpe:2.3:a:kubernetes:kubernetes:1.20.11:-:*:*:*:*:*:*",
"cpe:2.3:a:kubernetes:kubernetes:1.21.5:-:*:*:*:*:*:*",
"cpe:2.3:a:kubernetes:kubernetes:1.22.2:-:*:*:*:*:*:*"
],
"extracted_events": [
{
"introduced": "1.20.11-NA"
},
{
"last_affected": "1.20.11-NA"
},
{
"introduced": "1.21.5-NA"
},
{
"last_affected": "1.21.5-NA"
},
{
"introduced": "1.22.2-NA"
},
{
"last_affected": "1.22.2-NA"
}
],
"source": "CPE_STRING"
}