# CVE-2021-25735 Kubernetes Admission Control Bypass Vulnerability
==Affected versions==
* kube-apiserver v1.20.0 - v1.20.5
* kube-apiserver v1.19.0 - v1.19.9
* kube-apiserver <= v1.18.17
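For triage, the ranges above can be checked against a cluster's reported server version. The following is an added example, not code from the referenced advisories or PoC; the function name `IsAffected` and the sample version strings are assumptions made for illustration. Distribution builds may carry backported fixes, so a match should be confirmed against the vendor's security bulletin.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// versionRe matches the leading major.minor.patch of a kube-apiserver
// gitVersion string; build suffixes such as "-gke.1900" or "+k3s1" are ignored.
var versionRe = regexp.MustCompile(`^v?(\d+)\.(\d+)\.(\d+)`)

// lastAffectedPatch maps a 1.x minor release to the highest patch level
// listed above as affected by CVE-2021-25735.
var lastAffectedPatch = map[int]int{20: 5, 19: 9, 18: 17}

// IsAffected (hypothetical helper) reports whether gitVersion falls in the
// listed ranges: v1.20.0-v1.20.5, v1.19.0-v1.19.9, or anything <= v1.18.17.
func IsAffected(gitVersion string) (bool, error) {
	m := versionRe.FindStringSubmatch(gitVersion)
	if m == nil {
		return false, fmt.Errorf("unrecognised version %q", gitVersion)
	}
	major, _ := strconv.Atoi(m[1])
	minor, _ := strconv.Atoi(m[2])
	patch, _ := strconv.Atoi(m[3])
	if major != 1 {
		return false, fmt.Errorf("unexpected major version in %q", gitVersion)
	}
	if minor < 18 {
		return true, nil // older minors fall under "<= v1.18.17"
	}
	if last, ok := lastAffectedPatch[minor]; ok {
		return patch <= last, nil
	}
	return false, nil // 1.21 and later are outside the listed ranges
}

func main() {
	// Constructed sample inputs, in the form reported by `kubectl version`.
	samples := []string{"v1.20.5", "v1.20.6", "v1.19.9-gke.1900",
		"v1.18.17", "v1.18.18", "v1.17.4+k3s1", "v1.21.0"}
	for _, v := range samples {
		affected, err := IsAffected(v)
		fmt.Printf("%-18s affected=%v err=%v\n", v, affected, err)
	}
}
```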
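==Exploitation==
Performing a combined operation that changes the `changeAllowed` label to `true` and adds a new label triggers the vulnerability; the new values have been overwritten by the admission controller:

```yaml
labels:
  test: test
  changeAllowed: "true"
```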
==References==
https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass/
https://github.com/darryk10/CVE-2021-25735
https://nvd.nist.gov/vuln/detail/CVE-2021-25735
https://cloud.google.com/kubernetes-engine/docs/security-bulletins