CVE-2021-25740: Confused Deputy in Kubernetes
(updated )
A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.
References
- github.com/advisories/GHSA-vw47-mr44-3jf9
- github.com/kubernetes/kubernetes/issues/103675
- groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE
- kubernetes.io/blog/2026/05/26/reconciling-unfixed-kubernetes-cves
- nvd.nist.gov/vuln/detail/CVE-2021-25740
- security.netapp.com/advisory/ntap-20211014-0001
Code Behaviors & Features
Detect and mitigate CVE-2021-25740 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →