Base Score

MEDIUM4.8

CVE-2021-25737

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.

VectorNETWORK

Published Byjordan@liggitt.net

Published DateSep 06, 2021, 12:15

Affected Versions(4)

k8s.io/kubernetes(Go)

Introduced1.16.0

Fixed1.18.19

LimitN/A

k8s.io/kubernetes(Go)

Introduced1.19.0

Fixed1.19.11

LimitN/A

k8s.io/kubernetes(Go)

Introduced1.20.0

Fixed1.20.7

LimitN/A

k8s.io/kubernetes(Go)

Introduced1.21.0

Fixed1.21.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
k8s.io/kubernetes(Go)	1.16.0	1.18.19	N/A
k8s.io/kubernetes(Go)	1.19.0	1.19.11	N/A
k8s.io/kubernetes(Go)	1.20.0	1.20.7	N/A
k8s.io/kubernetes(Go)	1.21.0	1.21.1	N/A

Weakness Type (CWE):CWE-601

CVSS Metrics

Base Score

4.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE

References

Base Score

MEDIUM4.8

Weakness Type (CWE):CWE-601

CVSS Metrics

Base Score

4.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

HIGH

User Interaction (UI)

REQUIRED

Scope (S)

CHANGED

Confidentiality (C)

LOW

Integrity (I)

LOW

Availability (A)

NONE