A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.

Affected Packages

Go k8s.io/kubernetes

Affected versions: 0 (last affected: 1.22.2)

Related CVEs

CVE-2021-25740

Key Information

GHSA ID

GHSA-vw47-mr44-3jf9

Published

September 21, 2021 6:28 PM

Last Modified

September 21, 2021 2:54 PM

CVSS Score

2.5 /10

Primary Ecosystem

Primary Package

k8s.io/kubernetes

GitHub Reviewed

✓ Yes

Dataset

Last updated: November 26, 2025 6:30 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.