CVE-2021-25735
CVE-2021-25735 is a medium-severity vulnerability in the Kubernetes API server (kube-apiserver) with a CVSS 3.1 base score of 6.5. It allows an update to a Node object to bypass a Validating Admission Webhook. Clusters are affected only if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. EPSS estimates a 5.23% chance of exploitation in the next 30 days.
Description
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are affected only if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object: the webhook is not shown some fields of the previous Node object, so a decision that compares the new Node against the old one is made on incomplete old state and can be bypassed.
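The class of webhook the advisory describes, as an added example that is not part of the NVD entry or of Kubernetes itself: a Node validating webhook in Go written against a hand-rolled subset of the admission.k8s.io/v1 AdmissionReview types (standard library only, no client-go). DenyProtectedLabelChange derives its verdict from the old object, which is the pattern the advisory calls affected; RequireProtectedLabel expresses the same intent as an invariant on the new object only. The label prefix, the allowlist, the node names and the two requests are constructed for illustration, and the request whose old Node arrives without its labels simulates the "previous fields not observed" condition rather than reproducing the exact kube-apiserver behaviour.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Minimal subset of the admission.k8s.io/v1 AdmissionReview wire format (real field names; unused fields omitted).
type AdmissionReview struct {
	APIVersion string             `json:"apiVersion"`
	Kind       string             `json:"kind"`
	Request    *AdmissionRequest  `json:"request,omitempty"`
	Response   *AdmissionResponse `json:"response,omitempty"`
}
type AdmissionRequest struct {
	UID       string          `json:"uid"`
	Object    json.RawMessage `json:"object"`
	OldObject json.RawMessage `json:"oldObject"`
}
type AdmissionResponse struct {
	UID     string  `json:"uid"`
	Allowed bool    `json:"allowed"`
	Result  *Status `json:"status,omitempty"`
}
type Status struct{ Message string `json:"message,omitempty"` }

// Only the Node fields the two policies inspect.
type ObjectMeta struct {
	Name   string            `json:"name"`
	Labels map[string]string `json:"labels"`
}
type Node struct{ Metadata ObjectMeta `json:"metadata"` }

// Policy judges a Node UPDATE from its old and new state and returns (allowed, reason).
type Policy func(oldNode, newNode Node) (bool, string)

// Hypothetical policy scope: labels under this prefix are treated as protected.
const protectedPrefix = "node-restriction.kubernetes.io/"

// DenyProtectedLabelChange is the pattern the advisory calls affected: the verdict comes from the
// OLD object. Show the webhook an old Node without its labels and nothing looks protected.
func DenyProtectedLabelChange(oldNode, newNode Node) (bool, string) {
	for k, was := range oldNode.Metadata.Labels {
		now, ok := newNode.Metadata.Labels[k]
		if strings.HasPrefix(k, protectedPrefix) && (!ok || now != was) {
			return false, fmt.Sprintf("label %q may not be changed or removed", k)
		}
	}
	return true, ""
}

// RequireProtectedLabel checks the invariant on the NEW object only, so an incomplete old
// object cannot change the verdict.
func RequireProtectedLabel(_ Node, newNode Node) (bool, string) {
	const required = protectedPrefix + "pool"
	allowed := map[string]bool{"general": true, "gpu": true} // hypothetical allowlist
	if v, ok := newNode.Metadata.Labels[required]; !ok || !allowed[v] {
		return false, fmt.Sprintf("node %q must carry %s with an allowed value", newNode.Metadata.Name, required)
	}
	return true, ""
}

// Review applies a policy to a serialized AdmissionReview and returns the review to send back.
// Malformed input is an error so the caller fails closed; a real webhook wraps this in an HTTPS handler.
func Review(policy Policy, body []byte) (AdmissionReview, error) {
	in, oldNode, newNode := AdmissionReview{}, Node{}, Node{}
	if err := json.Unmarshal(body, &in); err != nil || in.Request == nil {
		return AdmissionReview{}, fmt.Errorf("malformed AdmissionReview")
	}
	if err := json.Unmarshal(in.Request.Object, &newNode); err != nil {
		return AdmissionReview{}, fmt.Errorf("object: %v", err)
	}
	if err := json.Unmarshal(in.Request.OldObject, &oldNode); err != nil {
		return AdmissionReview{}, fmt.Errorf("oldObject: %v", err)
	}
	ok, reason := policy(oldNode, newNode)
	resp := &AdmissionResponse{UID: in.Request.UID, Allowed: ok}
	if !ok {
		resp.Result = &Status{Message: reason}
	}
	return AdmissionReview{APIVersion: in.APIVersion, Kind: in.Kind, Response: resp}, nil
}

// BuildUpdate constructs (not captures) an UPDATE AdmissionReview in which worker-1 loses its
// pool label; oldLabels is the label map the webhook is shown as the previous state.
func BuildUpdate(uid, oldLabels string) []byte {
	return []byte(fmt.Sprintf(`{"apiVersion":"admission.k8s.io/v1","kind":"AdmissionReview","request":{"uid":%q,"operation":"UPDATE",
"object":{"metadata":{"name":"worker-1","labels":{"kubernetes.io/hostname":"worker-1"}}},
"oldObject":{"metadata":{"name":"worker-1","labels":%s}}}}`, uid, oldLabels))
}

func main() {
	complete := BuildUpdate("a1", `{"kubernetes.io/hostname":"worker-1","node-restriction.kubernetes.io/pool":"gpu"}`)
	unobserved := BuildUpdate("a2", `{}`) // previous labels not observed: the advisory's condition, simulated
	for name, p := range map[string]Policy{"old-state policy": DenyProtectedLabelChange, "new-state policy": RequireProtectedLabel} {
		a, _ := Review(p, complete)
		b, _ := Review(p, unobserved)
		fmt.Printf("%s: complete old Node allowed=%v; old Node without labels allowed=%v\n", name, a.Response.Allowed, b.Response.Allowed)
	}
}
```

With the complete previous state both policies deny the label removal; with the previous labels missing, the old-state policy allows it and only the new-state policy still denies. The page does not say which old-object fields the affected kube-apiserver versions fail to pass through, so the portable lesson is the shape of the policy: where the intent can be expressed as a required state of the new object, that form is immune to this class of bug, and a webhook that genuinely needs the transition should fail closed when the old object lacks fields it expects rather than treating them as empty.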
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H (base score 6.5, Medium). The issue is reachable over the network with low attack complexity and no user interaction, but it requires high privileges: the attacker must already be allowed to update Node objects. Scope is unchanged; there is no confidentiality impact, while integrity and availability impact are rated high because the webhook's policy on Node state can be bypassed.
Affected Software
| Vendor | Product | Affected versions | Fixed in |
|---|---|---|---|
| Kubernetes | Kubernetes | < 1.18.18 | 1.18.18 |
| Kubernetes | Kubernetes | >= 1.19.0, < 1.19.10 | 1.19.10 |
| Kubernetes | Kubernetes | >= 1.20.0, < 1.20.6 | 1.20.6 |
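An added triage helper, not part of the NVD entry or of Kubernetes, that applies the two conditions under which a cluster is affected: the API server version falls in one of the ranges in the table, and a ValidatingWebhookConfiguration intercepts UPDATE on core Node objects. It is standard-library Go. The gitVersion string and the webhook list are constructed samples shaped like serverVersion.gitVersion from `kubectl version -o json` and the output of `kubectl get validatingwebhookconfigurations -o json`; the configuration and webhook names are invented.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// First unaffected patch release per minor, from the Affected Software table: minors before
// 1.18 are all inside "< 1.18.18"; 1.21 and later are not listed as affected.
var firstFixedPatch = map[int]int{18: 18, 19: 10, 20: 6}

type semver struct{ Major, Minor, Patch int }

// ParseGitVersion accepts serverVersion.gitVersion as printed by `kubectl version -o json`:
// "v1.20.5", "1.20.5" or vendor-suffixed "v1.20.5-gke.300"; the suffix is dropped.
func ParseGitVersion(s string) (semver, error) {
	core := strings.TrimPrefix(s, "v")
	if i := strings.IndexAny(core, "-+"); i >= 0 {
		core = core[:i]
	}
	var v semver
	if n, err := fmt.Sscanf(core, "%d.%d.%d", &v.Major, &v.Minor, &v.Patch); err != nil || n != 3 {
		return semver{}, fmt.Errorf("unrecognised gitVersion %q", s)
	}
	return v, nil
}

// AffectedVersion applies the advisory's version ranges.
func AffectedVersion(v semver) bool {
	switch {
	case v.Major < 1 || (v.Major == 1 && v.Minor < 18):
		return true
	case v.Major > 1 || v.Minor > 20:
		return false
	default:
		return v.Patch < firstFixedPatch[v.Minor]
	}
}

// The parts of `kubectl get validatingwebhookconfigurations -o json` that matter here.
type webhookConfigList struct {
	Items []struct {
		Metadata struct{ Name string `json:"name"` } `json:"metadata"`
		Webhooks []struct {
			Name  string `json:"name"`
			Rules []struct {
				APIGroups  []string `json:"apiGroups"`
				Operations []string `json:"operations"`
				Resources  []string `json:"resources"`
			} `json:"rules"`
		} `json:"webhooks"`
	} `json:"items"`
}

func anyOf(rule []string, accepted ...string) bool {
	for _, r := range rule {
		for _, a := range accepted {
			if r == a {
				return true
			}
		}
	}
	return false
}

// NodeUpdateWebhooks returns "configuration/webhook" names whose rules intercept UPDATE of core
// Node objects. Whether one of them denies based on the old Node cannot be read from the
// configuration, so these are the webhooks to review by hand.
func NodeUpdateWebhooks(listJSON []byte) ([]string, error) {
	var list webhookConfigList
	if err := json.Unmarshal(listJSON, &list); err != nil {
		return nil, err
	}
	var hits []string
	for _, cfg := range list.Items {
		for _, wh := range cfg.Webhooks {
			for _, r := range wh.Rules {
				if anyOf(r.APIGroups, "", "*") && anyOf(r.Operations, "UPDATE", "*") &&
					anyOf(r.Resources, "nodes", "nodes/*", "*", "*/*") {
					hits = append(hits, cfg.Metadata.Name+"/"+wh.Name)
					break
				}
			}
		}
	}
	return hits, nil
}

// Constructed sample shaped like the kubectl output (not captured from a real cluster).
const sampleWebhooks = `{"kind":"ValidatingWebhookConfigurationList","items":[
 {"metadata":{"name":"node-policy"},"webhooks":[{"name":"nodes.example.com","rules":[
  {"apiGroups":[""],"apiVersions":["v1"],"operations":["UPDATE"],"resources":["nodes"],"scope":"Cluster"}]}]},
 {"metadata":{"name":"pod-policy"},"webhooks":[{"name":"pods.example.com","rules":[
  {"apiGroups":[""],"apiVersions":["v1"],"operations":["CREATE","UPDATE"],"resources":["pods"]}]}]}]}`

func main() {
	v, err := ParseGitVersion("v1.20.5-gke.300") // constructed; take serverVersion.gitVersion from kubectl version -o json
	hooks, err2 := NodeUpdateWebhooks([]byte(sampleWebhooks))
	if err != nil || err2 != nil {
		panic(fmt.Sprint(err, err2))
	}
	fmt.Printf("apiserver in an affected range: %v\nwebhooks on Node updates to review: %v\n", AffectedVersion(v), hooks)
}
```

Two caveats when using this against a live cluster. Managed distributions report vendor-suffixed versions and sometimes backport fixes, so a version inside a range is a reason to check the vendor's release notes, not proof of exposure. And the webhook match only tells you which webhooks see Node updates; whether one of them denies based on the old Node object is a property of the webhook's code, which is what has to be reviewed.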
References
- https://github.com/kubernetes/kubernetes/issues/100096 (Patch, Third Party Advisory)
- https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y (Mailing List, Third Party Advisory)
Frequently Asked Questions
What is CVE-2021-25735?
A flaw in kube-apiserver, the Kubernetes API server, that lets an update to a Node object bypass a Validating Admission Webhook because the webhook is not shown some fields of the previous Node state. Only clusters running a Validating Admission Webhook for Nodes whose decision depends on the old Node object are affected.
How severe is CVE-2021-25735?
CVSS 3.1 base score 6.5 (Medium), vector AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H: the attacker must already hold the privileges needed to update Node objects, and a successful bypass has high integrity and availability impact with no confidentiality impact. EPSS estimates a 5.23% chance of exploitation in the next 30 days.
How do I fix CVE-2021-25735?
Upgrade kube-apiserver to 1.18.18, 1.19.10 or 1.20.6 (or a later patch of the same minor line); later minor lines are not listed as affected. Until the control plane is upgraded, review every validating webhook that intercepts Node updates and make sure its decision does not depend on fields of the old Node object, for example by validating the required state of the new object instead of the change from the old one.
Are you affected by CVE-2021-25735?
Only if both conditions hold: the API server runs a version in the ranges listed under Affected Software, and a Validating Admission Webhook for Nodes denies admission based at least partially on the old Node object. A cluster with no such webhook is not affected even on a vulnerable version.
Source: NVD / NIST
