Lucene search

K
cve[email protected]CVE-2021-25740
HistorySep 20, 2021 - 5:15 p.m.

CVE-2021-25740

2021-09-2017:15:08
CWE-610
CWE-441
web.nvd.nist.gov
51
kubernetes
security issue
cve-2021-25740
network traffic
unauthorized access
nvd

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

33.1%

A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.

Affected configurations

NVD
Node
kuberneteskubernetesMatch-
CPENameOperatorVersion
kubernetes:kuberneteskuberneteseq-

CNA Affected

[
  {
    "product": "Kubernetes",
    "vendor": "Kubernetes",
    "versions": [
      {
        "lessThanOrEqual": "1.20.11",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.20.11",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.21.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.21.5",
        "versionType": "custom"
      },
      {
        "lessThanOrEqual": "1.22.2",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unknown",
        "version": "next of 1.22.2",
        "versionType": "custom"
      }
    ]
  }
]

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

3.6 Low

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

33.1%