MEDIUM🇵🇱 Wersja polska

CVE-2021-25735

CVSS 6.5v3.1pub. 2021-09-06upd. 2024-11-21

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
  • Kubernetes

    APP
    Kubernetes
    < 1.18.181.19.0 – 1.19.10 (bez)1.20.0 – 1.20.6 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-33519CRITICAL9.8PL ✓ten sam produkt

Nieprawidłowa autoryzacja w Esri Portal for ArcGIS — obejście uprawnień

CVE-2025-57870CRITICAL10.0PL ✓ten sam produkt

SQL Injection w Esri ArcGIS Server — zdalny dostęp bez uwierzytelnienia

CVE-2018-1002105CRITICAL9.8ten sam produkt

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to p...

CVE-2017-1000056CRITICAL9.8ten sam produkt

Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation in the PodSecurityPolicy admission plug...

CVE-2016-1906CRITICAL9.8ten sam produkt

Openshift allows remote attackers to gain privileges by updating a build configuration that was created with a...