CVE-2021-25737

Summary

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.

Affected Software

VendorProductVersion RangeStatus
KubernetesKubernetesunspecified <= 1.18.18affected
KubernetesKubernetesunspecified <= 1.19.10affected
KubernetesKubernetesunspecified <= 1.20.6affected
KubernetesKubernetesunspecified <= 1.21.0affected

Weaknesses

  • CWE-184: CWE-184 Incomplete Blacklist

ADP Enrichment

CVE Program Container

Additional References

References