MEDIUM 4.1 Go

Confused Deputy in Kubernetes

GHSA-74j8-88mm-7496 · CVE-2020-8561


Description

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If such an actor can also view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.
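As an added example (not part of the advisory and not Kubernetes code), the Go check below reads a kube-apiserver argument list and reports whether its log verbosity reaches the level 10 named in the description. The function names and the sample arguments are assumptions of this example, as is treating levels above 10 the same as 10.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// apiserverVerbosity returns the log verbosity requested by a kube-apiserver
// argument list. It accepts -v=N, --v=N, -v N and --v N; the last occurrence
// wins, and 0 is returned when the flag is absent.
func apiserverVerbosity(args []string) (int, error) {
	level := 0
	for i := 0; i < len(args); i++ {
		name, value, hasValue := strings.Cut(args[i], "=")
		if name != "-v" && name != "--v" {
			continue // unrelated flag, e.g. --vmodule or --secure-port
		}
		if !hasValue {
			if i+1 >= len(args) {
				return 0, fmt.Errorf("flag %s has no value", name)
			}
			i++
			value = args[i]
		}
		n, err := strconv.Atoi(value)
		if err != nil {
			return 0, fmt.Errorf("flag %s: %w", name, err)
		}
		level = n
	}
	return level, nil
}

// logsRedirectedResponses reports whether the verbosity meets the condition
// in the advisory (log level 10). Assumption of this example: levels above
// 10 are treated the same as 10.
func logsRedirectedResponses(args []string) (bool, error) {
	level, err := apiserverVerbosity(args)
	return level >= 10, err
}

func main() {
	// Constructed sample argument list, not taken from a real cluster.
	args := []string{"kube-apiserver", "--secure-port=6443", "--v=10"}
	exposed, err := logsRedirectedResponses(args)
	fmt.Println(exposed, err)
}
```

Run it against the command line of each apiserver instance, for example the `command` list in its pod manifest.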
