A security issue was discovered in Kubernetes where a user may be able to redirect pod traffic to private networks on a Node. Kubernetes already prevents creation of Endpoint IPs in the localhost or link-local range, but the same validation was not performed on EndpointSlice IPs.
References
Link | Resource |
---|---|
https://github.com/kubernetes/kubernetes/issues/102106 | Patch Third Party Advisory |
https://groups.google.com/g/kubernetes-security-announce/c/xAiN3924thY | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20211004-0004/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-09-06 05:15
Updated : 2021-10-07 10:55
NVD link : CVE-2021-25737
Mitre link : CVE-2021-25737
JSON object : View
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
Products Affected
kubernetes
- kubernetes