The Kubernetes Security Response Committee is correcting CVE records for three unfixed vulnerabilities previously marked as fixed.
- CVE-2020-8561 (Medium): webhook redirect in kube-apiserver; mitigate with restricted log verbosity and disabled profiling
- CVE-2020-8562 (Low): DNS TOCTOU race condition enabling proxy bypass; deploy DNS caching solutions
- CVE-2021-25740 (Low): cross-namespace forwarding via Endpoints; harden RBAC for write restrictions
- These are architectural design trade-offs that cannot be remediated without breaking Kubernetes
- Administrators should implement configuration changes and validate in non-production environments
This summary was automatically generated by AI based on the original article and may not be fully accurate.
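
One way to check the CVE-2020-8561 mitigation (restricted log verbosity, profiling disabled) against a kube-apiserver command line. This is an added example, not code from the Kubernetes project or the original article. The verbosity threshold of 10 and the `--profiling` default of true are taken from the upstream advisory rather than from this summary, and the function names and sample argument lists are constructed for illustration.

```python
# Added example: audit kube-apiserver arguments for the CVE-2020-8561 mitigation.
# Assumptions (from the upstream advisory, not this summary): responses are
# only logged at verbosity 10 or higher, and --profiling defaults to true.
MAX_SAFE_VERBOSITY = 9
BOOL_FLAGS = {"profiling"}  # Go boolean flags never take a separate value token

def parse_flags(args):
    """Return {name: value} for Go-style flags: -f=v, --f=v, or -f v."""
    flags, i = {}, 0
    while i < len(args):
        tok = args[i]
        if tok.startswith("-"):
            name, sep, value = tok.lstrip("-").partition("=")
            if not sep:
                if name in BOOL_FLAGS or i + 1 >= len(args):
                    value = "true"          # bare boolean flag means true
                else:
                    value = args[i + 1]     # value supplied as the next token
                    i += 1
            flags[name] = value             # last occurrence wins
        i += 1
    return flags

def audit(args):
    """Return a list of findings; an empty list means the mitigation is in place."""
    flags, findings = parse_flags(args), []
    if flags.get("profiling", "true").lower() not in ("false", "0", "f"):
        findings.append("profiling enabled: log level can be raised at runtime")
    try:
        verbosity = int(flags.get("v", "0"))
    except ValueError:
        findings.append("verbosity value is not an integer")
    else:
        if verbosity > MAX_SAFE_VERBOSITY:
            findings.append(f"verbosity {verbosity} exceeds {MAX_SAFE_VERBOSITY}")
    return findings

# Constructed sample command lines (not taken from any real cluster).
HARDENED = ["kube-apiserver", "--profiling=false", "--v=2"]
DEFAULTS = ["kube-apiserver", "--secure-port=6443"]
VERBOSE = ["kube-apiserver", "--profiling=false", "-v", "10"]

if __name__ == "__main__":
    for name, args in (("hardened", HARDENED), ("defaults", DEFAULTS), ("verbose", VERBOSE)):
        print(name, audit(args) or "ok")
```

The argument list can be copied from the `command` field of the kube-apiserver static pod manifest on a control-plane node.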