Lucene search

K
nvd[email protected]NVD:CVE-2021-25736
HistoryOct 30, 2023 - 3:15 a.m.

CVE-2021-25736

2023-10-3003:15:07
web.nvd.nist.gov
kube-proxy
windows
traffic forwarding
vulnerability
loadbalancer
service
controller
status field
ingress ip
cluster safety

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%

Kube-proxy
on Windows can unintentionally forward traffic to local processes
listening on the same port (“spec.ports[*].port”) as a LoadBalancer
Service when the LoadBalancer controller
does not set the “status.loadBalancer.ingress[].ip” field. Clusters
where the LoadBalancer controller sets the
“status.loadBalancer.ingress[].ip” field are unaffected.

Affected configurations

NVD
Node
microsoftwindowsMatch-
AND
kuberneteskubernetesRange1.18.01.18.18
OR
kuberneteskubernetesRange1.19.01.19.10
OR
kuberneteskubernetesRange1.20.01.20.6

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.2%