Vulnerability Report: GO-2022-0907
- CVE-2021-25735, GHSA-g42g-737j-qx6j
- Affects: k8s.io/kubernetes
- Published: Aug 21, 2024
- Unreviewed
Access Restriction Bypass in kube-apiserver in k8s.io/kubernetes
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-g42g-737j-qx6j or https://nvd.nist.gov/vuln/detail/CVE-2021-25735.
Affected Modules
-
PathGo Versions
-
before v1.18.18, from v1.19.0 before v1.19.10, from v1.20.0 before v1.20.6
Aliases
References
- https://github.com/advisories/GHSA-g42g-737j-qx6j
- https://nvd.nist.gov/vuln/detail/CVE-2021-25735
- https://bugzilla.redhat.com/show_bug.cgi?id=1937562
- https://github.com/kubernetes/kubernetes/commit/00e81db174ef7aca497be5f42d87e46d14df2a90
- https://github.com/kubernetes/kubernetes/issues/100096
- https://github.com/kubernetes/kubernetes/pull/99946
- https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y
- https://pkg.go.dev/k8s.io/kubernetes@v1.23.5/cmd/kube-apiserver
- https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass
- https://vuln.go.dev/ID/GO-2022-0907.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.