Home > Vulnerability Database > CVE-2021-25736

Mend.io Vulnerability Database

CVE-2021-25736

Good to know:

Date: October 29, 2023

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

Language: Go

Severity Score

5.8

Related Resources (8)

Url: https://github.com/kubernetes/kubernetes

Url: https://security.netapp.com/advisory/ntap-20231221-0003/

Url: https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ

Url: https://github.com/kubernetes/kubernetes/commit/b014610de3e5cf1bb0f7844b5758d29fc18b75e6

Url: https://github.com/advisories/GHSA-35c7-w35f-xwgh

Url: https://github.com/kubernetes/kubernetes/pull/99958

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-25736

Url: https://www.mend.io/vulnerability-database/CVE-2021-25736

Severity Score

5.8

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version kubernetes - 1.18.18, 1.19.10, 1.20.6, 1.21.0

Learn More

CVSS v3.1

Base Score:	5.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-25736

Good to know:

Date: October 29, 2023

Language: Go

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?