CVE-2021-25735

medium

Description

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. In that case, the Validating Admission Webhook does not observe some fields of the Node's previous state.

References

https://www.ibm.com/support/pages/node/6549374

https://www.ibm.com/support/pages/node/6447812

https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y

https://github.com/kubernetes/kubernetes/issues/100096

Details

Source: Mitre, NVD

Published: 2021-09-06

Updated: 2023-06-26

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

Severity: Medium