Bug 1982470 (CVE-2021-25740) - CVE-2021-25740 kubernetes: Endpoint & EndpointSlice permissions allow cross-Namespace forwarding
Summary: CVE-2021-25740 kubernetes: Endpoint & EndpointSlice permissions allow cross-N...
Keywords:
Status: NEW
Alias: CVE-2021-25740
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1982472 1982476
Blocks: 1982471
TreeView+ depends on / blocked
 
Reported: 2021-07-15 00:37 UTC by Sam Fowler
Modified: 2022-04-14 21:54 UTC (History)
16 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Sam Fowler 2021-07-15 00:37:43 UTC 
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
Comment 1 Sam Fowler 2021-07-15 00:40:55 UTC 
Upstream advisory:

https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE

Upstream issue:

https://github.com/kubernetes/kubernetes/issues/103675
Comment 2 Sam Fowler 2021-07-15 00:57:01 UTC 
Created origin tracking bugs for this issue:

Affects: fedora-all [bug 1982472]
Comment 5 Lucas López Montero 2021-08-11 10:20:14 UTC 
Regarding the mitigation described on https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE, may be there any side effect or collateral issue if it is applied? My understanding is that there should not be, but please kindly confirm it. Thank you.
Comment 6 Sam Fowler 2021-08-16 07:46:01 UTC 
In reply to comment #5:
> Regarding the mitigation described on
> https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE, may
> be there any side effect or collateral issue if it is applied? My
> understanding is that there should not be, but please kindly confirm it.
> Thank you.

There's no known side effects or collateral issues.
Note You need to log in before you can comment on or make changes to this bug.