CVE-2020-8561
4.1 MEDIUMA security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhoo...
Published: 2021-09-20 · Last updated: 2026-06-01
Severity and scoring
- CVSS
- 4.1 MEDIUM
- Vector
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
- CWE
- CWE-441, CWE-610
Affected products
| Vendor | Product |
|---|---|
| kubernetes | kubernetes |
Description
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
Source: NVD
References
- [NVD]https://nvd.nist.gov/vuln/detail/CVE-2020-8561
- [Other]https://github.com/kubernetes/kubernetes/issues/104720
- [Other]https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY
- [Other]https://kubernetes.io/blog/2026/05/26/reconciling-unfixed-kubernetes-cves/
- [Other]https://security.netapp.com/advisory/ntap-20211014-0002/
- [Other]https://github.com/kubernetes/kubernetes/issues/104720
- [Other]https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY
- [Other]https://security.netapp.com/advisory/ntap-20211014-0002/
Related CVEs
Same vendor
- CVE-2026-4342 — A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx (8.8 HIGH)
- CVE-2020-8562 — As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or l... (2.2 LOW)
- CVE-2021-25740 — A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not hav... (3.1 LOW)
- CVE-2020-8554 — Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to ... (6.3 MEDIUM)
Same CWE
- CVE-2026-49821 — Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (7.7 HIGH)
- CVE-2026-36608 — Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's own ... (8.8 HIGH)
- CVE-2026-0098 — In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy (7.8 HIGH)
- CVE-2025-48570 — In multiple functions of PipTaskOrganizer.java, there is a possible way to launch an activity from the background due to a confused deputy (7.8 HIGH)
- CVE-2026-48522 — PyJWT is a JSON Web Token implementation in Python (4.2 MEDIUM)