A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
{ "nvd_published_at": "2021-09-20T17:15:00Z", "cwe_ids": [ "CWE-441", "CWE-610" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-09-21T14:53:38Z" }