kube-apiserver
Link | package | bugs open | bugs closed | Wiki | GitHub | web search |
Description | Kubernetes control plane component exposing the Kubernetes API |
Version | 1.31.3-1 [extra] |
Open
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-2394 | 1.23.0-1 | Medium | Vulnerable | ||
AVG-1915 | 1.23.0-1 | Low | Vulnerable |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-25740 | AVG-1915 | Low | Yes | Insufficient validation | A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a... |
CVE-2020-8562 | AVG-1915 | Low | Yes | Access restriction bypass | A security issue was discovered in Kubernetes where an authorized user may be able to access private networks on the Kubernetes control plane components.... |
CVE-2020-8561 | AVG-2394 | Medium | Yes | Information disclosure | A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration... |
Resolved
Group | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|
AVG-1970 | 1.21.0-1 | 1.21.1-1 | Low | Fixed | |
AVG-1825 | 1.20.5-1 | 1.21.0-1 | Medium | Fixed |
Issue | Group | Severity | Remote | Type | Description |
---|---|---|---|---|---|
CVE-2021-25737 | AVG-1970 | Low | Yes | Insufficient validation | A security issue was discovered in kube-apiserver before version 1.21.1 where a user may be able to redirect pod traffic to private networks on a node.... |
CVE-2021-25735 | AVG-1825 | Medium | Yes | Authentication bypass | A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook. You are only affected by this... |
Advisories
Date | Advisory | Group | Severity | Type |
---|---|---|---|---|
09 Jun 2021 | ASA-202106-29 | AVG-1970 | Low | insufficient validation |