{"id":"GHSA-vw47-mr44-3jf9","summary":"Confused Deputy in Kubernetes","details":"A security issue was discovered with Kubernetes that could enable users to send network traffic to locations they would otherwise not have access to via a confused deputy attack.","aliases":["CVE-2021-25740"],"modified":"2026-02-04T02:34:10.377695Z","published":"2021-09-21T18:28:30Z","related":["CGA-x76m-pwj8-ghjm"],"database_specific":{"github_reviewed":true,"github_reviewed_at":"2021-09-21T14:54:49Z","severity":"LOW","nvd_published_at":"2021-09-20T17:15:00Z","cwe_ids":["CWE-441","CWE-610"]},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-25740"},{"type":"WEB","url":"https://github.com/kubernetes/kubernetes/issues/103675"},{"type":"PACKAGE","url":"https://github.com/kubernetes/kubernetes"},{"type":"WEB","url":"https://groups.google.com/g/kubernetes-security-announce/c/WYE9ptrhSLE"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20211014-0001"}],"affected":[{"package":{"name":"k8s.io/kubernetes","ecosystem":"Go","purl":"pkg:golang/k8s.io/kubernetes"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"last_affected":"1.22.2"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-vw47-mr44-3jf9/GHSA-vw47-mr44-3jf9.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}]}