CVE-2021-25735 (Medium) detected in github.com/kubernetes/kubernetes-v1.16.6, github.com/kubernetes/apiextensions-apiserver-v0.16.6 #25
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-25735 - Medium Severity Vulnerability
github.com/kubernetes/kubernetes-v1.16.6
Production-Grade Container Scheduling and Management
Dependency Hierarchy:
github.com/kubernetes/apiextensions-apiserver-v0.16.6
API server for API extensions like CustomResourceDefinitions
Dependency Hierarchy:
Found in HEAD commit: 23cd89752b5978470bb8f7c88cae5ab268573cea
Found in base branch: master
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. You are only affected by this vulnerability if you run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. The issue is fixed in kube-apiserver version 1.21.0, 1.20.6, 1.19.10 and 1.18.18.
Publish Date: 2021-01-22
URL: CVE-2021-25735
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1937562
Release Date: 2021-01-22
Fix Resolution: v1.18.18, v1.19.10, v1.20.6, v1.21.0
The text was updated successfully, but these errors were encountered: