vulnerability
Kubernetes: CVE-2021-25737: Holes in EndpointSlice Validation Enable Host Network Hijack
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:M/Au:S/C:P/I:P/A:N) | Sep 6, 2021 | Mar 10, 2022 | Nov 19, 2024 |
Severity
5
CVSS
(AV:N/AC:M/Au:S/C:P/I:P/A:N)
Published
Sep 6, 2021
Added
Mar 10, 2022
Modified
Nov 19, 2024
Description
A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
Solution(s)
kubernetes-upgrade-1_18_19kubernetes-upgrade-1_19_10kubernetes-upgrade-1_20_7

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.