CVE-2020-8561 MEDIUM

CVE-2020-8561: Webhook redirect in kube-apiserver

Vendor Kubernetes
Product Kubernetes
Weakness CWE-441
Published September 20, 2021
Last update June 1, 2026

CVSS base score

4.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

Key dates

02Disclosure timeline

September 20, 2021 CVE published
June 1, 2026 Record updated

Related vulnerabilities

04Related CVE