Home > Vulnerability Database > CVE-2021-25736

WhiteSource Vulnerability Database

CVE-2021-25736

Good to know:

Date: January 22, 2021

A flaw was found in the Windows kube-proxy component in Kubernetes before 1.18.18, 1.19.10, 1.20.6, 1.21.0. In a cloud environment that does not set the “.status.loadBalancer.ingress.ip” field in the LoadBalancer service status configuration (for example in AWS) the packets can be misrouted and reach an unintended destination.

Language: Go

Severity Score

5.8

Related Resources (4)

Url: https://github.com/kubernetes/kubernetes/commit/b014610de3e5cf1bb0f7844b5758d29fc18b75e6

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-25736

Url: https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q

Url: https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25736

Severity Score

5.8

Top Fix

Upgrade Version

Upgrade to version kubernetes - 1.18.18, 1.19.10, 1.20.6, 1.21.0

Learn More

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

WhiteSource Vulnerability Database

We found results for “”

CVE-2021-25736

Good to know:

Date: January 22, 2021

Language: Go

Severity Score

Related Resources (4)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?