CVE-2021-25736 (Medium) detected in github.com/kubernetes/kubernetes-v1.16.6 #28
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2021-25736 - Medium Severity Vulnerability
Production-Grade Container Scheduling and Management
Dependency Hierarchy:
Found in HEAD commit: 23cd89752b5978470bb8f7c88cae5ab268573cea
Found in base branch: master
A flaw was found in the Windows kube-proxy component in Kubernetes before 1.18.18, 1.19.10, 1.20.6, 1.21.0. In a cloud environment that does not set the “.status.loadBalancer.ingress.ip” field in the LoadBalancer service status configuration (for example in AWS) the packets can be misrouted and reach an unintended destination.
Publish Date: 2021-01-22
URL: CVE-2021-25736
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: High
- User Interaction: None
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://bugzilla.redhat.com/show_bug.cgi?id=1946538
Release Date: 2021-01-22
Fix Resolution: kubernetes - 1.18.18, 1.19.10, 1.20.6, 1.21.0
The text was updated successfully, but these errors were encountered: