A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Kubernetes | Kubernetes | * | 1.18.18 (excluding) |
Kubernetes | Kubernetes | 1.19.0 (including) | 1.19.10 (excluding) |
Kubernetes | Kubernetes | 1.20.0 (including) | 1.20.6 (excluding) |
Red Hat OpenShift Container Platform 4.8 | RedHat | openshift-0:4.8.0-202107161820.p0.git.051ac4f.assembly.stream.el7 | * |
Kubernetes | Ubuntu | groovy | * |
Kubernetes | Ubuntu | hirsute | * |
Kubernetes | Ubuntu | impish | * |
Kubernetes | Ubuntu | kinetic | * |
Kubernetes | Ubuntu | lunar | * |
Kubernetes | Ubuntu | mantic | * |