Main Vulnerability Database Exploits ID:6728 - Exploit for Input validation error in Kubernetes - CVE-2021-25735

ID:6728 - Exploit for Input validation error in Kubernetes - CVE-2021-25735

Published: September 12, 2021

Vulnerability identifier: #VU56245

Vulnerability risk: Medium

CVE-ID: CVE-2021-25735

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:
Kubernetes

Link to public exploit:

https://github.com/darryk10/CVE-2021-25735

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in kube-apiserver that could allow Node updates to bypass a Validating Admission Webhook. An authenticated user could exploit this by modifying Node properties to values that should have been prevented by registered admission webhooks.

Remediation

Install updates from vendor's website.

ID:6728 - Exploit for Input validation error in Kubernetes - CVE-2021-25735

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human