kube-apiserver

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Kubernetes control plane component exposing the Kubernetes API
Version 1.21.2-1 [community-testing]
1.21.1-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-1915 1.21.2-1 Low Vulnerable
Issue Group Severity Remote Type Description
CVE-2020-8562 AVG-1915 Low Yes Access restriction bypass
A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components....

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1970 1.21.0-1 1.21.1-1 Low Fixed
AVG-1825 1.20.5-1 1.21.0-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-25737 AVG-1970 Low Yes Insufficient validation
A security issue was discovered in kube-apiserver before version 1.21.1 where a user may be able to redirect pod traffic to private networks on a node....
CVE-2021-25735 AVG-1825 Medium Yes Authentication bypass
A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. You are only affected by this...

Advisories

Date Advisory Group Severity Type
09 Jun 2021 ASA-202106-29 AVG-1970 Low insufficient validation