Incomplete List of Disallowed Inputs in Kubernetes

GHSA-mfv7-gq43-w965 · CVE-2021-25737 · GO-2022-0908

Published Sep 7, 2021 · Modified Aug 21, 2024

Description

A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2021-25737
WEB https://github.com/kubernetes/kubernetes/issues/102106
PACKAGE https://github.com/kubernetes/kubernetes
WEB https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY
WEB https://security.netapp.com/advisory/ntap-20211004-0004

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes