
x/vulndb: potential Go vuln in k8s.io/apiserver #1776

Closed
roox26 opened this issue May 12, 2023 · 1 comment

Comments


roox26 commented May 12, 2023

Description

Description from CVE
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

Explanation
The kubernetes and apiserver packages are vulnerable to Unintended Proxy attacks. The NewGenericWebhook() function in webhook.go provides no mechanism to limit the following of redirects in cases where a MutatingWebhookConfiguration or ValidatingWebhookConfiguration request receives an HTTP redirect as a response. An attacker who can control the response of a MutatingWebhookConfiguration or ValidatingWebhookConfiguration request, and who has access to the kube-apiserver process logs, can exploit this vulnerability by sending a crafted HTTP response which redirects the request to endpoints within private networks to which the apiserver is connected. The attacker can then view the responses and headers of the redirected requests in the process logs, allowing them to gain sensitive information about protected network resources.

Advisory Deviation Notice:
The Sonatype Security Research team has created a CVSS score that differs from the publicly available score that, based on our research, more accurately reflects the severity of the vulnerability.
Reference: kubernetes/kubernetes#104720

Affected Modules, Packages, Versions and Symbols

Module: github.com/example/module
Package: github.com/example/module/package
Versions:
  - Introduced: 1.2.0
  - Fixed: 1.2.4
Symbols:
  - aFunction
  - SomeType.AMethod

Module: github.com/example/module/v2
Package: github.com/example/module/v2/package
Versions:
  - Fixed: 2.4.5
Symbols:
  - anotherFunction

Does this vulnerability already have an associated CVE ID?

Yes

CVE ID

CVE-2020-8561

Credit

No response

CWE ID

No response

Pull Request

No response

Commit

No response

References

No response

Additional information

No response
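Added illustration of the mechanism described in the report above (this is example code, not code from the issue, from k8s.io/apiserver, or the upstream fix): a default Go http.Client silently follows a 302 from a webhook endpoint to another host, while a client whose CheckRedirect hook returns http.ErrUseLastResponse hands the 3xx back to the caller unfollowed, so the caller can treat it as a failed webhook call. The webhook and "internal" servers are constructed httptest fixtures standing in for an attacker-controlled webhook and a resource reachable only from the apiserver's network position.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// hardenedWebhookClient refuses to follow redirects: http.ErrUseLastResponse makes
// net/http return the 3xx to the caller, so a webhook answer cannot steer the request.
func hardenedWebhookClient() *http.Client {
	return &http.Client{
		CheckRedirect: func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
}

// callWebhook posts an empty review body and reports the final status and whether the
// response carried the constructed internal service's marker header (i.e. a leak).
func callWebhook(c *http.Client, url string) (status int, leaked bool, err error) {
	resp, err := c.Post(url, "application/json", strings.NewReader(`{}`))
	if err != nil {
		return 0, false, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, resp.Header.Get("X-Internal") != "", nil
}

// Demo builds two constructed fixtures: an "internal" service and a webhook endpoint
// that answers every request with a 302 to it. It returns what each client ends up with.
func Demo() (defaultStatus, hardenedStatus int, defaultLeaked, hardenedLeaked bool) {
	internal := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.Header().Set("X-Internal", "constructed-marker-not-for-webhook-callers")
		fmt.Fprint(w, "internal body")
	}))
	defer internal.Close()
	hook := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, internal.URL, http.StatusFound)
	}))
	defer hook.Close()
	defaultStatus, defaultLeaked, _ = callWebhook(http.DefaultClient, hook.URL)
	hardenedStatus, hardenedLeaked, _ = callWebhook(hardenedWebhookClient(), hook.URL)
	return
}

func main() {
	ds, hs, dl, hl := Demo()
	fmt.Printf("default: status=%d leaked=%v | hardened: status=%d leaked=%v\n", ds, dl, hs, hl)
}
```

The default client reaches the internal service (200, marker header present) because net/http follows a 302 to a POST by reissuing it as a GET; the hardened client stops at the 302 and never contacts the redirect target.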

@jba jba self-assigned this May 15, 2023
@jba jba added the duplicate label May 15, 2023
Contributor

jba commented May 15, 2023

Duplicate of #904

@jba jba marked this as a duplicate of #904 May 15, 2023
@jba jba closed this as completed May 15, 2023