CVE-2021-25735 MEDIUM

CVE-2021-25735: Validating Admission Webhook does not observe some previous fields

Vendor Kubernetes
Product Kubernetes
Weakness CWE-372
Published September 6, 2021
Last update September 16, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01 Description

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.

Key dates

02 Disclosure timeline

September 6, 2021 CVE published
September 16, 2024 Record updated