Moderate severityNVD Advisory· Published Sep 6, 2021· Updated Sep 16, 2024
Holes in EndpointSlice Validation Enable Host Network Hijack
CVE-2021-25737
Description
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
k8s.io/kubernetesGo | >= 1.16.0, < 1.18.19 | 1.18.19 |
k8s.io/kubernetesGo | >= 1.19.0, < 1.19.11 | 1.19.11 |
k8s.io/kubernetesGo | >= 1.20.0, < 1.20.7 | 1.20.7 |
k8s.io/kubernetesGo | >= 1.21.0, < 1.21.1 | 1.21.1 |
Affected products
1- Range: unspecified
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- github.com/advisories/GHSA-mfv7-gq43-w965ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-25737ghsaADVISORY
- github.com/kubernetes/kubernetes/issues/102106ghsax_refsource_MISCWEB
- groups.google.com/g/kubernetes-security-announce/c/xAiN3924thYghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20211004-0004ghsaWEB
- security.netapp.com/advisory/ntap-20211004-0004/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.