CVE-2021-25740
Published 2021-09-20
Priority: P4 · 14 · low · 3.1 (CVSS 3.1)
CVSS 3.1 vector: AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 1.81% (76.0th percentile)
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | kubernetes | < kubernetes 1.20.5+really1.20.2-1 (bookworm) | kubernetes 1.20.5+really1.20.2-1 (bookworm) |
| k8s.io | kubernetes | 0 – 1.22.2 | — |
| kubernetes | kubernetes | < * | * |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
| kubernetes | kubernetes | >= 0 < 1.20.5+really1.20.2-1 | 1.20.5+really1.20.2-1 |
CVSS provenance

| Source | Scoring | Severity | Vector |
|---|---|---|---|
| nvd | v3.1, base score 3.1 | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0, base score 3.5 | LOW | AV:N/AC:M/Au:S/C:P/I:N/A:N |
| osv | 3.1 | LOW | — |
| vendor_debian | 3.1 | LOW | — |
| vendor_redhat | 3.1 | LOW | — |
GHSA
Confused Deputy in Kubernetes (ghsa · 2021-09-21 · CVE-2021-25740 [LOW] · CWE-441)
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
OSV
Confused Deputy in Kubernetes (osv · 2021-09-21 · CVE-2021-25740 [LOW])
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
OSV
CVE-2021-25740 (osv · 2021-09-20 · CVSS 3.1 · [LOW])
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
Red Hat
kubernetes: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding (vendor_redhat · 2021-07-15 · CVSS 3.1 · CVE-2021-25740 [LOW] · CWE-863)
A flaw was found in Kubernetes. This issue enables users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
Package: atomic-openshift (Red Hat OpenShift Container Platform 3.11) - Out of support scope
Package: openshift (Red Hat OpenShift Container Platform 4) - Not affected
Debian
CVE-2021-25740: kubernetes (vendor_debian · 2021 · CVSS 3.1 · [LOW])
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
Scope: local
bookworm: resolved (fixed in 1.20.5+really1.20.2-1)
bullseye: resolved (fixed in 1.20.5+really1.20.2-1)
forky: resolved (fixed in 1.20.5+really1.20.2-1)
sid: resolved (fixed in 1.20.5+really1.20.2-1)
trixie: resolved (fixed in 1.20.5+really1.20.2-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/kubernetes/kubernetes/issues/103675
- https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE
- https://kubernetes.io/blog/2026/05/26/reconciling-unfixed-kubernetes-cves/
- https://security.netapp.com/advisory/ntap-20211014-0001/