CVE List


Moderate 4.8

Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificate credentials for authenticating to the Kubelet.

Published December 5, 2019.

Affected software

Kubernetes Kubernetes

Reference links

Sign Up for Alerts