Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-25736

Summary
Assigner-kubernetes
Assigner Org ID-a6081bf6-c852-4425-ad4f-a67919267565
Published At-30 Oct, 2023 | 02:19
Updated At-12 Jun, 2025 | 14:42
Rejected At-
Credits

Windows kube-proxy LoadBalancer contention

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:kubernetes
Assigner Org ID:a6081bf6-c852-4425-ad4f-a67919267565
Published At:30 Oct, 2023 | 02:19
Updated At:12 Jun, 2025 | 14:42
Rejected At:
▼CVE Numbering Authority (CNA)
Windows kube-proxy LoadBalancer contention

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

Affected Products
Vendor
KubernetesKubernetes
Product
Kubernetes
Repo
https://github.com/kubernetes/kubernetes
Modules
  • Kube-Proxy
Platforms
  • Windows
Default Status
unaffected
Versions
Affected
  • From 0 through v1.20.5 (v1.20.5)
Metrics
VersionBase scoreBase severityVector
3.15.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

This issue has been fixed in the following versions: * v1.21.0 * v1.20.6 * v1.19.10 * v1.18.18

Configurations
Workarounds
Exploits
Credits
finder
Eric Paris
finder
Christian Hernandez
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kubernetes/kubernetes/pull/99958
N/A
https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ
N/A
https://security.netapp.com/advisory/ntap-20231221-0003/
N/A
Hyperlink: https://github.com/kubernetes/kubernetes/pull/99958
Resource: N/A
Hyperlink: https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ
Resource: N/A
Hyperlink: https://security.netapp.com/advisory/ntap-20231221-0003/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/kubernetes/kubernetes/pull/99958
x_transferred
https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ
x_transferred
https://security.netapp.com/advisory/ntap-20231221-0003/
x_transferred
Hyperlink: https://github.com/kubernetes/kubernetes/pull/99958
Resource:
x_transferred
Hyperlink: https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ
Resource:
x_transferred
Hyperlink: https://security.netapp.com/advisory/ntap-20231221-0003/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-114CWE-114 Process Control
Type: CWE
CWE ID: CWE-114
Description: CWE-114 Process Control
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:jordan@liggitt.net
Published At:30 Oct, 2023 | 03:15
Updated At:12 Jun, 2025 | 15:15

Kube-proxy on Windows can unintentionally forward traffic to local processes listening on the same port (“spec.ports[*].port”) as a LoadBalancer Service when the LoadBalancer controller does not set the “status.loadBalancer.ingress[].ip” field. Clusters where the LoadBalancer controller sets the “status.loadBalancer.ingress[].ip” field are unaffected.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.8MEDIUM
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Primary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 5.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N
Type: Primary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
CPE Matches
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.18.0(inclusive) to 1.18.18(exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.19.0(inclusive) to 1.19.10(exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Kubernetes
kubernetes
>>kubernetes>>Versions from 1.20.0(inclusive) to 1.20.6(exclusive)
cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>windows>>-
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-114Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-114
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/kubernetes/kubernetes/pull/99958jordan@liggitt.net
Third Party Advisory
https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJjordan@liggitt.net
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231221-0003/jordan@liggitt.net
N/A
https://github.com/kubernetes/kubernetes/pull/99958af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJaf854a3a-2127-422b-91ae-364da2661108
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20231221-0003/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://github.com/kubernetes/kubernetes/pull/99958
Source: jordan@liggitt.net
Resource:
Third Party Advisory
Hyperlink: https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ
Source: jordan@liggitt.net
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20231221-0003/
Source: jordan@liggitt.net
Resource: N/A
Hyperlink: https://github.com/kubernetes/kubernetes/pull/99958
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
Hyperlink: https://groups.google.com/g/kubernetes-security-announce/c/lIoOPObO51Q/m/O15LOazPAgAJ
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Mailing List
Third Party Advisory
Hyperlink: https://security.netapp.com/advisory/ntap-20231221-0003/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2025-1241
Matching Score-8
Assigner-Fortra, LLC
ShareView Details
Matching Score-8
Assigner-Fortra, LLC
CVSS Score-5.8||MEDIUM
EPSS-0.02% / 4.09%
||
7 Day CHG~0.00%
Published-21 Apr, 2026 | 14:10
Updated-23 Apr, 2026 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Encryption vulnerable to brute-force decryption in GoAnywhere MFT

Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data.

Action-Not Available
Vendor-Apple Inc.Fortra LLCMicrosoft CorporationLinux Kernel Organization, Inc
Product-goanywhere_managed_file_transfergoanywhere_agentswindowsmacoslinux_kernelGoAnywhere MFT
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2021-34500
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.3||MEDIUM
EPSS-3.47% / 87.67%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Memory Information Disclosure Vulnerability

Windows Kernel Memory Information Disclosure Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CVE-2025-13281
Matching Score-8
Assigner-Kubernetes
ShareView Details
Matching Score-8
Assigner-Kubernetes
CVSS Score-5.8||MEDIUM
EPSS-0.01% / 1.00%
||
7 Day CHG-0.00%
Published-14 Dec, 2025 | 21:27
Updated-15 Dec, 2025 | 18:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Portworx Half-Blind SSRF in kube-controller-manager

A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane’s host network (including link-local or loopback services).

Action-Not Available
Vendor-Kubernetes
Product-Kubernetes
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-8555
Matching Score-8
Assigner-Kubernetes
ShareView Details
Matching Score-8
Assigner-Kubernetes
CVSS Score-6.3||MEDIUM
EPSS-8.75% / 92.58%
||
7 Day CHG~0.00%
Published-04 Jun, 2020 | 21:50
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubernetes kube-controller-manager SSRF

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).

Action-Not Available
Vendor-Fedora ProjectKubernetes
Product-kubernetesfedoraKubernetes
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2020-8568
Matching Score-8
Assigner-Kubernetes
ShareView Details
Matching Score-8
Assigner-Kubernetes
CVSS Score-5.8||MEDIUM
EPSS-0.45% / 63.79%
||
7 Day CHG~0.00%
Published-21 Jan, 2021 | 17:09
Updated-17 Sep, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kubernetes Secrets Store CSI Driver sync/rotate directory traversal

Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow an attacker who can modify a SecretProviderClassPodStatus/Status resource the ability to write content to the host filesystem and sync file contents to Kubernetes Secrets. This includes paths under var/lib/kubelet/pods that contain other Kubernetes Secrets.

Action-Not Available
Vendor-Kubernetes
Product-secrets_store_csi_driverKubernetes Secrets Store CSI Driver
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-24
Path Traversal: '../filedir'
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-23748
Matching Score-6
Assigner-Check Point Software Ltd.
ShareView Details
Matching Score-6
Assigner-Check Point Software Ltd.
CVSS Score-7.8||HIGH
EPSS-11.74% / 93.77%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 00:00
Updated-24 Oct, 2025 | 13:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-02-27||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what conditions. In these scenarios, a malicious attacker could be using the valid and legitimate executable to load malicious files.

Action-Not Available
Vendor-audinaten/aAudinateMicrosoft Corporation
Product-dante_application_librarywindowsAudinate Dante Application Library for WindowsDante Discovery
CWE ID-CWE-114
Process Control
CWE ID-CWE-426
Untrusted Search Path
Details not found