Unpatchable Vulnerabilities of Kubernetes: CVE-2020-8561
ID: 6d7cdf16-686c-54ed-8a4f-3dfc579df719
STIX ID: report--6d7cdf16-686c-54ed-8a4f-3dfc579df719
Feed Name: Datadog Security Labs
This report examines CVE-2020-8561, which chains an SSRF vector in the Kubernetes API server (a ValidatingWebhookConfiguration whose clientConfig.url points the API server at a target of the attacker's choosing) with the API server's /debug/flags/v debug endpoint, which is installed only when --profiling is enabled, to raise the log verbosity so that the responses to the SSRF requests are written to the API server's logs. The analysis describes the attack flow and proof-of-concept steps (a PUT to /debug/flags/v to set the verbosity, then creation of the malicious ValidatingWebhookConfiguration), the conditions that increase impact (especially managed control planes and weak network segmentation around the control plane), and recommended mitigations such as disabling --profiling and segregating control-plane network access.
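The two conditions the report chains together can be checked and detected from the control plane's own artifacts. The following is an added example (not Datadog's code and not part of Kubernetes) that reads the kube-apiserver command line to decide whether the profiling/debug handlers behind /debug/flags/v are on (kube-apiserver defaults --profiling to true, so a missing flag means enabled) and scans kube-apiserver audit-log events for a PUT to /debug/flags/v followed by creation of a webhook configuration whose clientConfig uses a raw url rather than an in-cluster Service. The audit events and the apiserver argument list are constructed samples; the audit-policy assumption is that webhook-configuration writes are logged at level Request or RequestResponse so that requestObject is present.

```python
"""Audit and detection helpers for the CVE-2020-8561 attack chain (added example)."""
import json
from urllib.parse import urlsplit

DEBUG_FLAG_URI = "/debug/flags/v"
WEBHOOK_RESOURCES = {"validatingwebhookconfigurations", "mutatingwebhookconfigurations"}


def parse_flags(args):
    """Turn ['--profiling=false', '--v', '4'] into {'profiling': 'false', 'v': '4'}."""
    flags, i = {}, 0
    while i < len(args):
        a = args[i]
        if a.startswith("--"):
            if "=" in a:
                key, val = a[2:].split("=", 1)
            elif i + 1 < len(args) and not args[i + 1].startswith("--"):
                key, val, i = a[2:], args[i + 1], i + 1
            else:
                key, val = a[2:], "true"  # bare boolean flag
            flags[key] = val
        i += 1
    return flags


def profiling_enabled(args):
    """kube-apiserver defaults --profiling to true, so an absent flag means /debug/flags/v is served."""
    return parse_flags(args).get("profiling", "true").lower() != "false"


def url_webhooks(config):
    """Return (webhook name, url) for every webhook that targets a raw URL instead of a Service."""
    out = []
    for wh in config.get("webhooks", []):
        url = wh.get("clientConfig", {}).get("url")
        if url:
            out.append((wh.get("name", "?"), url))
    return out


def detect(audit_lines):
    """Scan JSON audit events (one per line); return findings as (username, description)."""
    findings = []
    for line in audit_lines:
        ev = json.loads(line)
        user = ev.get("user", {}).get("username", "?")
        # Non-resource URLs carry the lowercased HTTP method as the verb.
        if ev.get("requestURI") == DEBUG_FLAG_URI and ev.get("verb") in ("put", "update"):
            findings.append((user, "changed kube-apiserver log verbosity via PUT /debug/flags/v"))
            continue
        ref = ev.get("objectRef", {})
        if ref.get("resource") in WEBHOOK_RESOURCES and ev.get("verb") == "create":
            # requestObject is only present when the audit policy level is Request or RequestResponse.
            for name, url in url_webhooks(ev.get("requestObject", {})):
                host = urlsplit(url).hostname
                findings.append((user, f"webhook {name} in {ref.get('name')} targets {host} via url, not a Service"))
    return findings


# Constructed samples: a static-pod style argument list with no --profiling flag, and three audit events.
SAMPLE_APISERVER_ARGS = ["kube-apiserver", "--authorization-mode=Node,RBAC", "--v=2"]

SAMPLE_AUDIT = [
    json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", "verb": "put",
                "requestURI": "/debug/flags/v", "user": {"username": "alice"}}),
    json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", "verb": "create",
                "requestURI": "/apis/admissionregistration.k8s.io/v1/validatingwebhookconfigurations",
                "user": {"username": "alice"},
                "objectRef": {"resource": "validatingwebhookconfigurations",
                              "apiGroup": "admissionregistration.k8s.io", "name": "ssrf-hook"},
                "requestObject": {"webhooks": [{"name": "hook.example.invalid",
                                                 "clientConfig": {"url": "https://10.0.0.5:8443/validate"}}]}}),
    json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", "verb": "get",
                "requestURI": "/api/v1/namespaces/default/pods", "user": {"username": "bob"}}),
]

if __name__ == "__main__":
    print("profiling enabled:", profiling_enabled(SAMPLE_APISERVER_ARGS))
    for user, desc in detect(SAMPLE_AUDIT):
        print(user, "-", desc)
```

Run against a real cluster by feeding the kube-apiserver container's command and args from its static-pod manifest to profiling_enabled and the audit log file's lines to detect; on a managed control plane where neither is accessible, the only lever left is the one the report recommends, restricting who can write webhook configurations and what the control plane can reach.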
