CVE-2021-25735

Incorrect Authorization in go/github.com/kubernetes/kubelet

Identifiers

CVE-2021-25735

Package Slug

go/github.com/kubernetes/kubelet

Vulnerability

Incorrect Authorization

Description

A security issue was discovered in kube-apiserver that could allow node updates to bypass a Validating Admission Webhook.Validating Admission Webhook does not observe some previous fields.

Affected Versions

All versions before 1.18.18, all versions starting from 1.19.0 before 1.19.10, all versions starting from 1.20.0 before 1.20.6

Solution

Upgrade to version 1.18.18, 1.19.10, 1.20.6, or above.

Last Modified

2021-09-17

source