Lucene search
Veracode Vulnerability DatabaseVERACODE:32185HistorySep 21, 2021 - 6:26 a.m.
Cross-Site Request Forgery (CSRF)
2021-09-2106:26:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
11
0.001 Low
EPSS
Percentile
33.2%
github.com/kubernetes/kubernetes is vulnerable to cross-site request forgery. Backend IPs to ExternalName Services are exposed to ExternalName Services as it allows attackers to send network traffic to restricted locations.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/haproxytech/kubernetes-ingress | le | v1.6.6 | |
| github.com/haproxytech/kubernetes-ingress | le | v1.6.6 |
References
Related
cve
cve
CVE-2021-25740
2021-09-20 17:15:08
osv
osv
Confused Deputy in Kubernetes
2021-09-21 18:28:30
cvelist
cvelist
CVE-2021-25740 Holes in EndpointSlice Validation Enable Host Network Hijack
2021-07-14 00:00:00
nvd
nvd
CVE-2021-25740
2021-09-20 17:15:08
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by an endpoint resource security design flaw in Kubernetes (CVE-2021-25740)
2022-06-08 22:01:11
ubuntucve
ubuntucve
CVE-2021-25740
2021-09-20 00:00:00
gitlab
gitlab
Externally Controlled Reference to a Resource in Another Sphere
2021-09-21 00:00:00
prion
prion
Security feature bypass
2021-09-20 17:15:00
github
github
Confused Deputy in Kubernetes
2021-09-21 18:28:30
redhatcve
redhatcve
CVE-2021-25740
2021-07-15 00:51:56
debiancve
debiancve
CVE-2021-25740
2021-09-20 17:15:08