CVE Vulnerabilities

CVE-2021-25736

Published: Oct 30, 2023 | Modified: Dec 21, 2023
CVSS 3.x
6.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

Affected Software

Name Vendor Start Version End Version
Kubernetes Kubernetes 1.18.0 *
Kubernetes Kubernetes 1.19.0 *
Kubernetes Kubernetes 1.20.0 *

References