Vulnerability Description
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kubernetes | Kubernetes | < 1.18.18 |
Related Weaknesses (CWE)
References
- https://github.com/kubernetes/kubernetes/issues/100096PatchThird Party Advisory
- https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9YMailing ListThird Party Advisory
- https://github.com/kubernetes/kubernetes/issues/100096PatchThird Party Advisory
- https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9YMailing ListThird Party Advisory
FAQ
What is CVE-2021-25735?
CVE-2021-25735 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admi...
How severe is CVE-2021-25735?
CVE-2021-25735 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-25735?
Check the references section above for vendor advisories and patch information. Affected products include: Kubernetes Kubernetes.