CVE-2021-25740

A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.

low 3.1 CVSS 3.1
Published: Sep 20, 2021
Modified: Jun 1, 2026
Vendor: Kubernetes
Product: Kubernetes

Description

A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.

References

Related CVEs

CVE-2020-8562 low · 2.2
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven c
CVE-2020-8561 medium · 4.1
A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirec
CVE-2020-8554 medium · 6.3
Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Addit