Description
A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.
CVSS Metrics
- Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
- Attack Vector: network
- Complexity: high
- Privileges: high
- User Action: required
- Scope: changed
- Confidentiality: low
- Integrity: low
- Availability: low
- Weaknesses: CWE-918
Metadata
- Primary Vendor: KUBERNETES
- Published: 11/3/2023
- Last Modified: 2/13/2025
- Source: NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
kubernetes : apiserver