CVE-2021-25736

EPSS 0.12%
Veröffentlicht 30.10.2023 03:15:07
Zuletzt bearbeitet 12.06.2025 15:15:27
Quelle jordan@liggitt.net
Teams Watchlist Login
Unerledigt Login

Kube-proxy
 on Windows can unintentionally forward traffic to local processes 
listening on the same port (“spec.ports[*].port”) as a LoadBalancer 
Service when the LoadBalancer controller
 does not set the “status.loadBalancer.ingress[].ip” field. Clusters 
where the LoadBalancer controller sets the 
“status.loadBalancer.ingress[].ip” field are unaffected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Kubernetes ≫ Kubernetes Version >= 1.18.0 < 1.18.18

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.19.0 < 1.19.10

Microsoft ≫ Windows Version-

Kubernetes ≫ Kubernetes Version >= 1.20.0 < 1.20.6

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.317

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.3	1.8	4	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
jordan@liggitt.net	5.8	1.3	4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N

CWE-114 Process Control

Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads) on behalf of an attacker.

https://github.com/kubernetes/kubernetes/pull/99958

Third Party Advisory

https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ

Third Party Advisory

Mailing List

https://security.netapp.com/advisory/ntap-20231221-0003/

https://nvd.nist.gov/vuln/detail/CVE-2021-25736

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-25736

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-25736

EUVD