kube-apiserver

Description: Kubernetes control plane component exposing the Kubernetes API
Version: 1.22.2-1 [community]

Open

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2394 | 1.22.2-1 | | Medium | Vulnerable | |
| AVG-1915 | 1.22.2-1 | | Low | Vulnerable | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-25740 | AVG-1915 | Low | Yes | Insufficient validation | A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a... |
| CVE-2020-8562 | AVG-1915 | Low | Yes | Access restriction bypass | A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components.... |
| CVE-2020-8561 | AVG-2394 | Medium | Yes | Information disclosure | A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration... |

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1970 | 1.21.0-1 | 1.21.1-1 | Low | Fixed | |
| AVG-1825 | 1.20.5-1 | 1.21.0-1 | Medium | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-25737 | AVG-1970 | Low | Yes | Insufficient validation | A security issue was discovered in kube-apiserver before version 1.21.1 where a user may be able to redirect pod traffic to private networks on a node.... |
| CVE-2021-25735 | AVG-1825 | Medium | Yes | Authentication bypass | A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. You are only affected by this... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 09 Jun 2021 | ASA-202106-29 | AVG-1970 | Low | insufficient validation |