CVE-2021-25735
Summary
| CVE | CVE-2021-25735 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-06 12:15:00 UTC |
| Updated | 2023-06-26 19:16:00 UTC |
| Description | A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kubernetes | Kubernetes | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2021-25735: Validating Admission Webhook does not observe some previous fields | MISC | groups.google.com | |
| CVE-2021-25735: Validating Admission Webhook does not observe some previous fields · Issue #100096 · kubernetes/kubernetes · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Rogerio Bastos & Ari Lima
Legacy QID Mappings
- 183848 Debian Security Update for kubernetes (CVE-2021-25735)
- 239525 Red Hat Update for OpenShift Container Platform 4.8.2 (RHSA-2021:2437)
- 377846 Kubernetes Validating Admission Webhook Vulnerability
- 501872 Alpine Linux Security Update for k3s
- 770074 Red Hat OpenShift Container Platform 4.8 Security Update (RHSA-2021:2437)
- 770111 Red Hat OpenShift Container Platform 4.8 Security Update (RHSA-2021-2437)