CVE-2021-25736
published 2023-10-30

Priority P434 | medium | 6.3 | CVSS 3.1
AV:N / AC:H / PR:L / UI:N / S:C / C:H / I:N / A:N
EPSS: 0.91% (55.4th percentile)
Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

Affected

7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | | |
| k8s.io | kubernetes | >= 0 < 1.21 | 1.21 |
| k8s.io | kubernetes | >= 0 < 1.21.0 | 1.21.0 |
| kubernetes | kubernetes | <= v1.20.5 | |
| kubernetes | kubernetes | >= 1.18.0 < 1.18.18 | 1.18.18 |
| kubernetes | kubernetes | >= 1.19.0 < 1.19.10 | 1.19.10 |
| kubernetes | kubernetes | >= 1.20.0 < 1.20.6 | 1.20.6 |

CVSS provenance

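| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
| vendor_debian | | 5.8 | LOW | |
| vendor_redhat | | 5.8 | MEDIUM | |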