Vulnerability Details CVE-2021-25737
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.7%
CVSS Severity
CVSS v3 Score 2.7
CVSS v2 Score 4.9
References
- https://github.com/kubernetes/kubernetes/issues/102106
- https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY
- https://security.netapp.com/advisory/ntap-20211004-0004/
- https://github.com/kubernetes/kubernetes/issues/102106
- https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY
- https://security.netapp.com/advisory/ntap-20211004-0004/
Products affected by CVE-2021-25737
-
cpe:2.3:a:kubernetes:kubernetes:1.16.0
-
cpe:2.3:a:kubernetes:kubernetes:1.16.1
-
cpe:2.3:a:kubernetes:kubernetes:1.16.10
-
cpe:2.3:a:kubernetes:kubernetes:1.16.11
-
cpe:2.3:a:kubernetes:kubernetes:1.16.12
-
cpe:2.3:a:kubernetes:kubernetes:1.16.13
-
cpe:2.3:a:kubernetes:kubernetes:1.16.2
-
cpe:2.3:a:kubernetes:kubernetes:1.16.3
-
cpe:2.3:a:kubernetes:kubernetes:1.16.4
-
cpe:2.3:a:kubernetes:kubernetes:1.16.5
-
cpe:2.3:a:kubernetes:kubernetes:1.16.6
-
cpe:2.3:a:kubernetes:kubernetes:1.16.7
-
cpe:2.3:a:kubernetes:kubernetes:1.16.8
-
cpe:2.3:a:kubernetes:kubernetes:1.16.9
-
cpe:2.3:a:kubernetes:kubernetes:1.17.0
-
cpe:2.3:a:kubernetes:kubernetes:1.17.1
-
cpe:2.3:a:kubernetes:kubernetes:1.17.10
-
cpe:2.3:a:kubernetes:kubernetes:1.17.11
-
cpe:2.3:a:kubernetes:kubernetes:1.17.12
-
cpe:2.3:a:kubernetes:kubernetes:1.17.13
-
cpe:2.3:a:kubernetes:kubernetes:1.17.2
-
cpe:2.3:a:kubernetes:kubernetes:1.17.3
-
cpe:2.3:a:kubernetes:kubernetes:1.17.4
-
cpe:2.3:a:kubernetes:kubernetes:1.17.5
-
cpe:2.3:a:kubernetes:kubernetes:1.17.6
-
cpe:2.3:a:kubernetes:kubernetes:1.17.7
-
cpe:2.3:a:kubernetes:kubernetes:1.17.8
-
cpe:2.3:a:kubernetes:kubernetes:1.17.9
-
cpe:2.3:a:kubernetes:kubernetes:1.18.0
-
cpe:2.3:a:kubernetes:kubernetes:1.18.1
-
cpe:2.3:a:kubernetes:kubernetes:1.18.10
-
cpe:2.3:a:kubernetes:kubernetes:1.18.17
-
cpe:2.3:a:kubernetes:kubernetes:1.18.18
-
cpe:2.3:a:kubernetes:kubernetes:1.18.2
-
cpe:2.3:a:kubernetes:kubernetes:1.18.3
-
cpe:2.3:a:kubernetes:kubernetes:1.18.4
-
cpe:2.3:a:kubernetes:kubernetes:1.18.5
-
cpe:2.3:a:kubernetes:kubernetes:1.18.6
-
cpe:2.3:a:kubernetes:kubernetes:1.18.7
-
cpe:2.3:a:kubernetes:kubernetes:1.18.8
-
cpe:2.3:a:kubernetes:kubernetes:1.18.9
-
cpe:2.3:a:kubernetes:kubernetes:1.19.0
-
cpe:2.3:a:kubernetes:kubernetes:1.19.1
-
cpe:2.3:a:kubernetes:kubernetes:1.19.2
-
cpe:2.3:a:kubernetes:kubernetes:1.19.3
-
cpe:2.3:a:kubernetes:kubernetes:1.19.4
-
cpe:2.3:a:kubernetes:kubernetes:1.19.5
-
cpe:2.3:a:kubernetes:kubernetes:1.19.6
-
cpe:2.3:a:kubernetes:kubernetes:1.19.7
-
cpe:2.3:a:kubernetes:kubernetes:1.19.8
-
cpe:2.3:a:kubernetes:kubernetes:1.19.9
-
cpe:2.3:a:kubernetes:kubernetes:1.20.0
-
cpe:2.3:a:kubernetes:kubernetes:1.20.1
-
cpe:2.3:a:kubernetes:kubernetes:1.20.2
-
cpe:2.3:a:kubernetes:kubernetes:1.20.3
-
cpe:2.3:a:kubernetes:kubernetes:1.20.4
-
cpe:2.3:a:kubernetes:kubernetes:1.20.5
-
cpe:2.3:a:kubernetes:kubernetes:1.20.6
-
cpe:2.3:a:kubernetes:kubernetes:1.21.0