CVE-2021-25736 - OpenCVE

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Kubernetes	Kubernetes

Configuration 1 [-]

AND

OR	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::
	cpe:2.3:a:kubernetes:kubernetes::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/kubernetes/kubernetes/pull/99958	Third Party Advisory
https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ	Mailing List Third Party Advisory
https://security.netapp.com/advisory/ntap-20231221-0003/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: kubernetes

Published: 2023-10-30T02:19:48.916Z

Updated: 2023-10-30T02:19:48.916Z

Reserved: 2021-01-21T21:42:58.237Z

Link: CVE-2021-25736

JSON object: View

NVD Information

Status : Modified

Published: 2023-10-30T03:15:07.653

Modified: 2023-12-21T22:15:07.533

Link: CVE-2021-25736

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2021-25736", "assignerOrgId": "a6081bf6-c852-4425-ad4f-a67919267565", "state": "PUBLISHED", "assignerShortName": "kubernetes", "dateReserved": "2021-01-21T21:42:58.237Z", "datePublished": "2023-10-30T02:19:48.916Z", "dateUpdated": "2023-10-30T02:19:48.916Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["Kube-Proxy"], "platforms": ["Windows"], "product": "Kubernetes", "repo": "https://github.com/kubernetes/kubernetes", "vendor": "Kubernetes", "versions": [{"lessThanOrEqual": "v1.20.5", "status": "affected", "version": "0", "versionType": "v1.20.5"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Eric Paris "}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Christian Hernandez"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>\nKube-proxy\n on Windows can unintentionally forward traffic to local processes \nlistening on the same port (\u201cspec.ports[*].port\u201d) as a LoadBalancer \nService when the LoadBalancer controller\n does not set the \u201cstatus.loadBalancer.ingress[].ip\u201d field. Clusters \nwhere the LoadBalancer controller sets the \n\u201cstatus.loadBalancer.ingress[].ip\u201d field are unaffected.<u></u><u></u></p>"}], "value": "Kube-proxy\n on Windows can unintentionally forward traffic to local processes \nlistening on the same port (\u201cspec.ports[*].port\u201d) as a LoadBalancer \nService when the LoadBalancer controller\n does not set the \u201cstatus.loadBalancer.ingress[].ip\u201d field. Clusters \nwhere the LoadBalancer controller sets the \n\u201cstatus.loadBalancer.ingress[].ip\u201d field are unaffected.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "a6081bf6-c852-4425-ad4f-a67919267565", "shortName": "kubernetes", "dateUpdated": "2023-10-30T02:19:48.916Z"}, "references": [{"url": "https://github.com/kubernetes/kubernetes/pull/99958"}, {"url": "https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ"}, {"url": "https://security.netapp.com/advisory/ntap-20231221-0003/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>This issue has been fixed in the following versions:<u></u><u></u></p>\n<ul>\n<li>\nv1.21.0<u></u><u></u></li><li>\nv1.20.6<u></u><u></u></li><li>\nv1.19.10<u></u><u></u></li><li>\nv1.18.18</li></ul>"}], "value": "This issue has been fixed in the following versions:\n\n\n\n * \nv1.21.0\n * \nv1.20.6\n * \nv1.19.10\n * \nv1.18.18\n\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Windows kube-proxy LoadBalancer contention", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E811D79-831A-493A-A0C8-D06442D01ADD", "versionEndExcluding": "1.18.18", "versionStartIncluding": "1.18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "54F99BEF-703E-43C0-846C-AB9EECE134A9", "versionEndExcluding": "1.19.10", "versionStartIncluding": "1.19.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*", "matchCriteriaId": "E26E82C1-754C-4E81-B7BC-FB4DACE33945", "versionEndExcluding": "1.20.6", "versionStartIncluding": "1.20.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Kube-proxy\n on Windows can unintentionally forward traffic to local processes \nlistening on the same port (\u201cspec.ports[*].port\u201d) as a LoadBalancer \nService when the LoadBalancer controller\n does not set the \u201cstatus.loadBalancer.ingress[].ip\u201d field. Clusters \nwhere the LoadBalancer controller sets the \n\u201cstatus.loadBalancer.ingress[].ip\u201d field are unaffected.\n\n"}, {"lang": "es", "value": "Kube-proxy en Windows puede reenviar tr\u00e1fico involuntariamente a procesos locales que escuchan en el mismo puerto (\u201cspec.ports[*].port\u201d) que LoadBalancer Service cuando el controlador LoadBalancer no configura \u201cstatus.loadBalancer.ingress[].ip\u201d. Los cl\u00fasteres donde el controlador LoadBalancer establece el campo \"status.loadBalancer.ingress[].ip\" no se ven afectados."}], "id": "CVE-2021-25736", "lastModified": "2023-12-21T22:15:07.533", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 4.0, "source": "jordan@liggitt.net", "type": "Secondary"}]}, "published": "2023-10-30T03:15:07.653", "references": [{"source": "jordan@liggitt.net", "tags": ["Third Party Advisory"], "url": "https://github.com/kubernetes/kubernetes/pull/99958"}, {"source": "jordan@liggitt.net", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ"}, {"source": "jordan@liggitt.net", "url": "https://security.netapp.com/advisory/ntap-20231221-0003/"}], "sourceIdentifier": "jordan@liggitt.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}