Vulnerability Database
296,746
Total vulnerabilities in the database
CVE-2021-25735
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. Clusters are only affected by this vulnerability if they run a Validating Admission Webhook for Nodes that denies admission based at least partially on the old state of the Node object. Validating Admission Webhook does not observe some previous fields.
| Software | From | Fixed in |
|---|---|---|
| kubernetes / kubernetes | 1.20.0 | 1.20.6 |
| kubernetes / kubernetes | 1.19.0 | 1.19.10 |
| kubernetes / kubernetes | - | 1.18.18 |
k8s.io/kubernetes
|
1.20.0 | 1.20.6 |
|
k8s.io/kubernetes
|
1.19.0 | 1.19.10 |
|
k8s.io/kubernetes
|
- | 1.18.18 |
- https://bugzilla.redhat.com/show_bug.cgi?id=1937562
- https://github.com/kubernetes/kubernetes/commit/00e81db174ef7aca497be5f42d87e46d14df2a90
- https://github.com/kubernetes/kubernetes/issues/100096
- https://github.com/kubernetes/kubernetes/pull/99946
- https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y
- https://pkg.go.dev/k8s.io/kubernetes@v1.23.5/cmd/kube-apiserver
- https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime