What is GHSA-74j8-88mm-7496?

GHSA-74j8-88mm-7496 is a security advisory published by GitHub Security Advisories with Medium severity. Confused Deputy in Kubernetes

Which CVE IDs does GHSA-74j8-88mm-7496 cover?

GHSA-74j8-88mm-7496 covers the following CVE IDs: CVE-2020-8561. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-74j8-88mm-7496?

GHSA-74j8-88mm-7496 has a CVSS v3 base score of 4.1, published by GitHub Security Advisories.

Which products are affected by GHSA-74j8-88mm-7496?

GHSA-74j8-88mm-7496 affects 1 product, including: go/k8s.io/kubernetes:\u003c= 1.22.2.

GHSA-74j8-88mm-7496MediumCVSS 4.1

Confused Deputy in Kubernetes

Vendor

GitHub Security Advisories

Published

September 21, 2021

Last Modified

June 9, 2026

🔗 CVE IDs covered (1)

CVE-2020-8561 →

📋 Description

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver requests to private networks of the apiserver. If that user can view kube-apiserver logs when the log level is set to 10, they can view the redirected responses and headers in the logs.

🎯 Affected products1

go/k8s.io/kubernetes:<= 1.22.2

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2020-8561
https://github.com/kubernetes/kubernetes/issues/104720
https://groups.google.com/g/kubernetes-security-announce/c/RV2IhwcrQsY
https://kubernetes.io/blog/2026/05/26/reconciling-unfixed-kubernetes-cves
https://security.netapp.com/advisory/ntap-20211014-0002
https://github.com/advisories/GHSA-74j8-88mm-7496