If an attacker is able to intercept certain requests to the Kubelet, they
can send a redirect response that may be followed by a client using the
credentials from the original request. This can lead to compromise of other
Kubernetes is embedded in the version of heketi shipped with Red Hat Gluster Storage 3. However, it does not use the Kubernetes API server part and only uses the client-side bits. Hence, this flaw does not affect heketi.
Name: the Kubernetes Product Security Committee
Upstream: Wouter ter Maat (Offensi)
No mitigation is known.
Created origin tracking bugs for this issue:
Affects: fedora-all [bug 1857458]