8 matches found
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information disclosure in Kubernetes [CVE-2021-25740]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to information disclosure in Kubernetes, caused by a confused deputy attack. CVE-2021-25740. Kubernetes is included as part of the utilities used by our Speech Services. This vulnerabilitiy has been addressed...
Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability in Kubernetes (CVE-2021-25740)
Summary An information disclosure vulnerability in Kubernetes used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2021-25740 DESCRIPTION: Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a confused deputy attack...
Security Bulletin: IBM Cloud Kubernetes Service is affected by an endpoint resource security design flaw in Kubernetes (CVE-2021-25740)
Summary IBM Cloud Kubernetes Service is affected by an endpoint resource security design flaw in Kubernetes. If a potential attacker can create or edit Endpoints or EndpointSlices in the Kubernetes API, they can potentially direct a LoadBalancer or Ingress implementation to expose backend IPs the...
DEBIAN-CVE-2021-25740
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack...
CVE-2021-25740
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack...
CVE-2021-25740
CVE-2021-25740: Kubernetes could allow a remote authenticated attacker to disclose backend IPs by abusing Endpoints/EndpointSlices via a confused deputy attack. Affected: Kubernetes API usage; impact is information disclosure (low to moderate CVSS v3.1 3.1). Root cause: misused permissions enabli...
CVE-2021-25740
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack...
CVE-2021-25740
creationtimestamp| type| source ---|---|--- 2021-07-15 07:58:12+00:00| seen| https://t.me/k8security/344 2025-09-30 00:13:36+00:00| seen| https://bsky.app/profile/bluesky.awakari.com/post/3lzzajsf24423 2025-09-30 15:56:04+00:00| seen| https://bsky.app/profile/kubernetes.dev/post/3m22v6zsv7i2o...