A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Kubernetes | Kubernetes | * | 1.18.18 (excluding) |
Kubernetes | Kubernetes | 1.19.0 (including) | 1.19.10 (excluding) |
Kubernetes | Kubernetes | 1.20.0 (including) | 1.20.6 (excluding) |