URL Redirection to Untrusted Site ('Open Redirect') in go/github.com/kubernetes/client-go
URL Redirection to Untrusted Site ('Open Redirect')
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
All versions starting from 1.16.0 before 1.18.19, all versions starting from 1.19.0 before 1.19.10, all versions starting from 1.20.0 before 1.20.7, version 1.21.0