CVE-2021-25737

Medium

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes…

kubernetes·CWE-184·Published 2021-09-06

CVSS

4.8

EPSS

0.01

KEV

Exploits

cve.orgen

280 chars

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.

NVDen

280 chars

GHSAen

280 chars

NVDes

322 chars

Se ha detectado un problema de seguridad en Kubernetes en el que un usuario puede ser capaz de redirigir el tráfico del pod a redes privadas en un Nodo. Kubernetes ya previene la creación de IPs de Endpoint en el rango localhost o link-local, pero no se ha llevado a cabo la misma comprobación en las IPs de EndpointSlice.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.9	6.8	4.9	AV:N/AC:M/Au:S/C:P/I:P/A:N
3.1	Primary	NVD	4.8	1.7	2.7	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3.1	Primary	cve.org	2.7	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
3.1	Primary	cve.org	2.7	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
3.1	Secondary	GHSA	4.8	—	—	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
3.1	Secondary	NVD	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N