6.3

CVE-2021-25736

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

Data is provided by the National Vulnerability Database (NVD)
Kubernetes Kubernetes Version >= 1.18.0 < 1.18.18
   Microsoft Windows Version -
Kubernetes Kubernetes Version >= 1.19.0 < 1.19.10
   Microsoft Windows Version -
Kubernetes Kubernetes Version >= 1.20.0 < 1.20.6
   Microsoft Windows Version -
No CISA KEV entry or CERT.AT warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.12% | 0.317
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector string
nvd@nist.gov | 6.3 | 1.8 | 4 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
jordan@liggitt.net | 5.8 | 1.3 | 4 | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.